TCLUG Archive

Re: [TCLUG:17853] firewalls and Web servers



Well, with Linux's built-in ipchains controls, you could make it act as
its own firewall. You really DO NOT want it behind the BorderManager,
and a BSD firewall won't do much good because you are going to allow
incoming connections to many ports anyway... but using ipchains you could
allow connections like POP, IMAP, SSH and others from the BorderManager's
IP, but nowhere else, allowing the internal network to see it, but not
from the outside. This is how I have our system configured for my
company. It's better to back up the web server often, and nuke/re-install
it than for it to have a possibility of being a security threat to the
internal network.

Thank You,
        Ben Kochie (ben@nerp.net)

*-----------------------*  [ - * - * - * - * - * - * - * - ]
| Unix/Linux Consulting |  [ Haiku Error Message:          ]
|  PC/Mac Repair        |  [  Chaos reigns within.         ]
|   Networking          |  [  Reflect, repent, and reboot. ]
| http://nerp.net       |  [  Order shall return.          ]
*-----------------------*  [ - * - * - * - * - * - * - * - ]

 "Unix is user friendly, it's just picky about its friends."

On Thu, 18 May 2000, Timothy Wilson wrote:

> Hi everyone,
> 
> Chances are good that I'll be updating the Web server at Sibley this summer.
> It's a good thing too because the dynamically generated Zope pages put a
> fairly big load on the puny little box that we're using now.
> 
> Here's a quick review of our setup:
> 
> Our entire network (except for the Web server) sits behind a Novell
> BorderManager firewall/Web proxy/Groupwise email server. We use a 10.0.0.0
> system for all internal IPs. I need the Web server to run Apache (obviously),
> Zope, PostgreSQL, ftp (probably Pro-ftpd or maybe Beroftpd), and an MTA
> (probably Postfix). Currently, the Web server sits in the DMZ between the
> firewall and our router.
> 
> So, should I...
> 
> 1. Stick with the current system, relying on built-in Linux security to
> repel attacks.
> 
> 2. Put the Web server behind the Novell firewall.
> 
> 3. Keep the Web server in the DMZ and install an OpenBSD firewall just for
> the Web server.
> 
> Any thoughts or recommendations?
> 
> -Tim
> 
> --
> Tim Wilson      | Visit Sibley online:         | Check out:
> Henry Sibley HS | http://www.isd197.k12.mn.us/ | http://www.zope.org/
> W. St. Paul, MN |                              | http://slashdot.org/
> wilson@visi.com |   <dtml-var pithy_quote>     | http://linux.com/
> 
> 
>
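
The host-based ipchains setup described in the reply above, sketched as an added example that is not part of the original thread. The addresses are documentation-range placeholders, the choice of public ports is an assumption based on the services listed in the question, and the script prints the ipchains commands for review instead of running them.

```shell
#!/bin/sh
# Added example, not from the original thread. All values are placeholders.
WEB_IP="192.0.2.10"          # web server's own address (constructed)
BM_IP="192.0.2.1"            # BorderManager's address (constructed)
PUBLIC_TCP="80 25 21"        # assumed public: HTTP, SMTP, FTP control
RESTRICTED_TCP="22 110 143"  # SSH, POP, IMAP: BorderManager only
# Anything not listed (e.g. PostgreSQL on 5432) falls to the DENY policy,
# assuming the database is only used locally by Zope.

# Print the input-chain ruleset, one ipchains command per line.
gen_rules() {
    echo "ipchains -F input"
    echo "ipchains -P input DENY"
    echo "ipchains -A input -i lo -j ACCEPT"
    # ipchains is stateless: accept non-SYN TCP so replies to connections
    # the server opened itself (mail delivery, etc.) are not dropped.
    echo "ipchains -A input -p tcp ! -y -d $WEB_IP -j ACCEPT"
    for port in $PUBLIC_TCP; do
        echo "ipchains -A input -p tcp -s 0/0 -d $WEB_IP $port -j ACCEPT"
    done
    for port in $RESTRICTED_TCP; do
        echo "ipchains -A input -p tcp -s $BM_IP -d $WEB_IP $port -j ACCEPT"
        # Log connection attempts to these ports from anywhere else.
        echo "ipchains -A input -p tcp -y -d $WEB_IP $port -l -j DENY"
    done
    # FTP data channels and DNS replies (UDP) need further rules, not shown.
}

# Verdict this policy gives a NEW connection from source $1 to TCP port $2.
# Useful for checking the intent before loading the rules.
verdict() {
    case " $PUBLIC_TCP " in
        *" $2 "*) echo ACCEPT; return 0 ;;
    esac
    case " $RESTRICTED_TCP " in
        *" $2 "*)
            if [ "$1" = "$BM_IP" ]; then echo ACCEPT; return 0; fi ;;
    esac
    echo DENY
}

gen_rules
```

Because the internal 10.0.0.0 network reaches the DMZ through the BorderManager, its address is the only source the restricted rules need to name.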