On 02/09/06 08:49, pelibali wrote:
> Hi,
> I did an nmap scan on my computer itself in three ways and realized that both the cups and nfs services are in fact listening on the external interfaces (last case as MYCOMP.MYDOMAIN):
<snip>
> Previously I could successfully stop smtp/ssh/squid from listening on my external interface; would you please have any advice on how to stop the above two from doing the same?! I'm not afraid too much, because the firewall is on, but...

By default, services such as nfs, ipp and samba will listen on every network device you have, but that should not pose a problem if you have a good firewall. SuSEfirewall2, for example, will reject any new connections on ports that you do not explicitly allow, even though running nmap on your own external interface indicates they are open (that is probably due to the fact you are connecting to the interface from localhost).
Go to one of those external sites (google for port.scan and pick one,
you'll want to find one that does both TCP and UDP scans, most only do
TCP) to check which ports really are open on your system. If anything is
open that should be closed, the SuSEfirewall variables you need to check
are FW_SERVICES_EXT_* in /etc/sysconfig/SuSEfirewall2.
You can stop CUPS from listening on the external interface by editing
/etc/cups/cupsd.conf. I have not found a way to do this one in Yast
(which can do most other CUPS configuration operations), so you'll need
to edit it manually. Search for and comment out the line "Port 631", and
add the following lines:
Listen localhost:631
Listen
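
A local complement to the external scan suggested above, as an added example that is not part of the original message: it classifies listening TCP sockets by bind address, which shows what a service is bound to regardless of where nmap was run from. It assumes input in the format of `ss -H -ltn` (iproute2); the function names and the sample socket list are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which listening TCP sockets are bound beyond loopback.
# Assumes `ss -H -ltn` format: field 1 is the state, field 4 is local addr:port.

# Constructed sample data, not taken from the original message.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:631 0.0.0.0:*
LISTEN 0 128 [::]:631 [::]:*
LISTEN 0 64 0.0.0.0:2049 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 128 127.0.0.1:22 0.0.0.0:*
LISTEN 0 128 [::1]:3128 [::]:*
LISTEN 0 50 192.168.1.10:139 0.0.0.0:*
EOF
}

# Print "port address scope" for every listening socket read from stdin.
classify_listeners() {
    awk '
    $1 == "LISTEN" {
        port = $4; sub(/^.*:/, "", port)       # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
        sub(/%.*$/, "", addr)                  # drop interface scope such as %lo
        sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # drop IPv6 brackets
        if (addr ~ /^127\./ || addr == "::1")
            scope = "loopback"
        else if (addr == "0.0.0.0" || addr == "::" || addr == "*")
            scope = "all-interfaces"
        else
            scope = "specific"
        print port, addr, scope
    }'
}

# Print the unique ports that are bound to anything other than loopback.
exposed_ports() {
    classify_listeners | awk '$3 != "loopback" { print $1 }' | sort -nu | paste -sd ' ' -
}

echo "port address scope"
sample_ss_output | classify_listeners
echo "bound beyond loopback: $(sample_ss_output | exposed_ports)"
# Live use on the machine itself: ss -H -ltn | classify_listeners
```

Ports reported as bound beyond loopback are the ones to compare against the firewall's allowed services and the external scan result.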