Jean Christophe Pelletier
2004-Jun-11 14:24 UTC
[not member] forbid execution on one of the cards
Hi,

I would like to know how to restrict an application to work on the "internet" card.

Explanation:
For example I have NFS. My exports file is made to work only for eth1: 192.168.1.0/24.
But if I run nmap on my other card eth2: 80....., I will see the NFS service.

I have been looking at what Shorewall can not do, and I think it is one of those things.
Am I right? If I can't use Shorewall to do so, what are my options?

Is webmin good enough to configure Shorewall or should I make it "by hand"?

Thank you for your help

Friendly
Jean Christophe
Jean Christophe Pelletier wrote:

> I would like to know how to restrict application to work on the "internet" card.
> Explanation:
> For example I have nfs. My exports files is made to work only for eth1: 192.168.1.0/24.
> But if I make a nmap on my other card eth2: 80....., I will see the nfs service.

Two things:

a) Your exports file doesn't determine the address(es) that the port mapper listens on.

b) Be very careful using nmap with UDP; if your system is totally stealth (doesn't respond to any UDP packets), nmap will still not report UDP ports on the system as closed.

> I have looking in the what shorewall can not do, and I think it is one of the things.
> Am I right ?, If I can't use shorewall to do so what are my options ?

Shorewall can restrict what is accessible from systems connected through each interface; that's the whole purpose of Shorewall. It can also restrict what is available by connecting to a particular address.

> Is webmin good enought to configure shorewall or should I make it "by hand"

You should follow one of the QuickStart Guides (http://shorewall.net/shorewall_quickstart_guide.htm).

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
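As an added illustration of Tom's point that Shorewall restricts access per interface (example configuration written for this page, not from the thread or the Shorewall project): it assumes a Shorewall 2.x layout with eth1 in a `loc` zone carrying 192.168.1.0/24, eth2 in a `net` zone, both zones already declared in the zones file, and covers only the portmapper (111) and nfsd (2049) ports; check the column layout against your installed version's documentation.

```text
# /etc/shorewall/interfaces  (assumed layout: eth1 = LAN, eth2 = Internet)
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth2        detect
loc     eth1        detect

# /etc/shorewall/policy
# Default-deny from the Internet to the firewall itself and to everything else;
# because the policy drops it, NFS never needs an explicit rule for "net".
#SOURCE   DEST   POLICY   LOG LEVEL
loc       net    ACCEPT
net       all    DROP     info
all       all    REJECT   info

# /etc/shorewall/rules
# Portmapper (111) and nfsd (2049) are reachable only from the LAN zone, and only
# from the 192.168.1.0/24 addresses that the exports file already trusts.
# Caveat: mountd/lockd/statd use dynamic RPC ports by default; pin them in the
# NFS configuration before listing them here, otherwise they stay blocked from
# "net" (desired) but also from "loc" (probably not desired).
#ACTION   SOURCE              DEST   PROTO   DEST PORT(S)
ACCEPT    loc:192.168.1.0/24  $FW    tcp     111,2049
ACCEPT    loc:192.168.1.0/24  $FW    udp     111,2049

# Verify the syntax before activating, then re-check eth2 from an outside host:
#   shorewall check && shorewall restart
#   nmap -sT -sU -p 111,2049 <eth2 address>
# With the DROP policy, nmap reports the UDP ports as "open|filtered", not
# "closed": no reply is indistinguishable from a filtered port (Tom's point b).
```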