Hi, On Sat, 2 Sep 2006 16:49:08 +0200 pelibali <...> wrote:
scanning the same comp on three ways: nmap localhost PORT STATE SERVICE 111/tcp open rpcbind 631/tcp open ipp 930/tcp open unknown 2049/tcp open nfs ... nmap 192.168.0.1 (int) PORT STATE SERVICE 111/tcp open rpcbind 631/tcp open ipp 930/tcp open unknown 2049/tcp open nfs ... nmap IP.IP.IP.IP (ext) PORT STATE SERVICE 111/tcp open rpcbind 631/tcp open ipp 930/tcp open unknown 2049/tcp open nfs
This is time now to answer half of my previous question. I went for the file /etc/cups/cupsd.conf and defined Listen 127.0.0.1:631 Listen 192.168.0.1:631 there, which caused cupsd not listening on the external interface. BUT the nfs-related things I couldn't hide, because didn't find the respective place, where I could explicitly say that they should run only on internal interfaces. I'm on the way to digest all literature on rpc calls and hosts.deny/allow, but I'm sure, there should be a better way, than to firewall only these ports and defining e.g. exact internal IPs in the /etc/exports file on the nfs server... Thanks, Pelibali