Re: [fw-wiz] About Port Forwarding, Apache and Firewall Rules
From: Servie Platon (servie_tech_at_yahoo.com)
To: "Paul D. Robertson" <firstname.lastname@example.org> Date: Mon, 30 Aug 2004 12:16:20 -0700 (PDT)
With all due respect to everyone on this group whom I
may have annoyed or have bothered on this issue, my
I don't expect any sympathy from anyone here, but let
me first explain why I made such a request.
My primary intention is to host a family oriented web
site exclusively for my family, in other words this is
not a commercial site. This site will give information
or updates about our big clan/family ranging from
birthdays, weddings, christenings and/or Christmas or
other family reunions showcas/gatherings showcasing
pictures, or possibly even video footage of such
Since I come from a relatively large family where it
consists of 1st, 2nd, 3rd and even 4th generation of
kin, with a closely knit relationship. I feel it
necessary as a token of gratitude to my aunts and
uncles and even my parents whose age range are in the
70's and 80's, not to mention the young ones (great
grand kids of my uncles) who are very much into the
internet to host a non commercial site for the
exclusive use of our family/clan.
I have pure and clean intentions here Sirs and as a
matter of fact, I am consulting this prestigous group
for some tips on how to go about my project. I have
learned from school where linux is one subject that
this is open source and a powerful O/S at that, and if
configured incorrectly or compromised, it could be
used to create havoc and confusion out there by making
my host machine as a tool for DoS attacks and other
forms of malicious intent to destruct other people.
I am a law abiding citizen and I intend to follow the
guidelines and norms bound by the TOS agreement of our
cable provider. But before anyone react, anybody on my
situation would probably do the same thing due to the
First, I live in an area where we have limited ISP
service due to the demographic location. As of this
present time, we only have one cable ISP and no DSL
Now, this project of mine has been ongoing for months
and as a matter of fact, I am looking into all the
possibilities/avenues of hosting such site, this
includes the breach of the TOS of my provider. Other
problems that has been hampering this project is the
cost of getting a static ip address, limited ISP in my
area and budget to pay for additional service such as
web hosting service.
Speaking of TOS's, I work for a non profit
organization or NGO/Foundation wherein I am the
volunteer administrator of its small windows network.
Unfortunately, this organization doesn't have T1 line
or leased line for that matter. More so, the ISP we
have there is also cable service. My boss asked me to
setup a website for his foundation and since we are
bound by the TOS of our cable provider, I suggested to
him that we should go through a web service provider
instead so as not to breach the TOS agreement, and so
we did. Now, I am in the process of designing the web
site which is hosted off site. The trade off is that
the Foundation pays extra for the web hosting service
which this organization can afford to pay. But I think
we have done the right thing, abiding by TOS.
I am not saying this to justify my requirement and as
a matter of fact, I have contemplated of relocating
the server intended for this purpose, to my cousins
house where he has a DSL service and not bound by the
limitations of TOS of some cable providers. But since,
setting up one's website does not stop from there or
does not happen overnight. I have done laborious task
of installing or enabling only the necessary services
for this bastion host. Compile the apache from source,
download the security updates, install IDS or admin
tools like snort, tripwire to fully bastionize this
host among others, so that I limit the risk of being
used to attack others.
Amidst great power of Linux, lies great
responsibility. Based from this statement, I am
conferring this prestigious group where most of you
are either firewall or linux gurus.
I have fully understood the TOS agreement and intend
to abide by it. And I intend to host this site at my
cousin's house and probably SSH my way to it to do
admin tasks since I live about 45 miles away.
Before I hook up this machine using DSL provided
service which allows inbound TCP connections on port
80. Let me again, ask this kind group if anyone is
still interested in helping me out what firewall rules
I should make on iptables to help my life less
miserable and safe for others.
I don't intend this machine I am setting up to be used
for DoS and other bad stuff so that is why I am asking
and posting this question to make it a little bit
secure. I am no linux expert but have come to embrace
the philosophy of open source system. I am no script
kiddie or intend to be a cracker since doing damage
and eavesdropping is not my cup of tea.
All I want to do is make my family/clan happy by
finally being able to host a web site, abiding by the
terms and conditions of the TOS.
Again, my apologies to everyone. I want to be
responsible enough that my system is secure and linux
hardened to be safe for everyone. So that everybody
will be happy including cable ISPs. No harm in
Thanks for your time.
Do you Yahoo!?
Win 1 of 4,000 free domain names from Yahoo! Enter now.
firewall-wizards mailing list