I've got a 3-machine network, and I am far from a competent sysadmin.
I'd like to restrict certain services (such as RPC and printer services)
to specific network interfaces. Any help would really be appreciated.

One machine (tycho) has a cable modem connection to the net, and is the
NFS/NIS/DHCP server to the other two machines (jake & elwood). On tycho,
eth0 is the cable modem, eth1 is a crossover cable to elwood, and eth2 is
a crossover cable to jake. This is the current output from an nmap on
tycho's public IP (eth0), run from elwood:

Port       State       Service
22/tcp     open        ssh
111/tcp    open        sunrpc
139/tcp    open        netbios-ssn
515/tcp    open        printer
600/tcp    open        ipcserver
617/tcp    open        unknown
658/tcp    open        unknown
758/tcp    open        nlogin

Ideally, I'd like these ports to only be open to eth, and I'd like
outside connections to only be able to see an open port 22 for ssh.
How can I achieve this? Is there some general way to do it for all
services, or do I need to tackle this on a service-by-service basis?