Re: [fw-wiz] About Port Forwarding, Apache and Firewall Rules

From: Servie Platon (servie_tech_at_yahoo.com)
Date: 08/30/04

  • Next message: Dave Piscitello: "Re: [fw-wiz] resource pages"
    To: "Paul D. Robertson" <paul@compuwar.net>
    Date: Mon, 30 Aug 2004 12:16:20 -0700 (PDT)
    
    

    Dear Sirs:

    With all due respect to everyone on this group whom I
    may have annoyed or have bothered on this issue, my
    sincerest apologies.

    I don't expect any sympathy from anyone here, but let
    me first explain why I made such a request.

    My primary intention is to host a family oriented web
    site exclusively for my family, in other words this is
    not a commercial site. This site will give information
    or updates about our big clan/family ranging from
    birthdays, weddings, christenings and/or Christmas or
    other family reunions showcas/gatherings showcasing
    pictures, or possibly even video footage of such
    events.

    Since I come from a relatively large family where it
    consists of 1st, 2nd, 3rd and even 4th generation of
    kin, with a closely knit relationship. I feel it
    necessary as a token of gratitude to my aunts and
    uncles and even my parents whose age range are in the
    70's and 80's, not to mention the young ones (great
    grand kids of my uncles) who are very much into the
    internet to host a non commercial site for the
    exclusive use of our family/clan.

    I have pure and clean intentions here Sirs and as a
    matter of fact, I am consulting this prestigous group
    for some tips on how to go about my project. I have
    learned from school where linux is one subject that
    this is open source and a powerful O/S at that, and if
    configured incorrectly or compromised, it could be
    used to create havoc and confusion out there by making
    my host machine as a tool for DoS attacks and other
    forms of malicious intent to destruct other people.

    I am a law abiding citizen and I intend to follow the
    guidelines and norms bound by the TOS agreement of our
    cable provider. But before anyone react, anybody on my
    situation would probably do the same thing due to the
    following circumstances.

    First, I live in an area where we have limited ISP
    service due to the demographic location. As of this
    present time, we only have one cable ISP and no DSL
    providers.

    Now, this project of mine has been ongoing for months
    and as a matter of fact, I am looking into all the
    possibilities/avenues of hosting such site, this
    includes the breach of the TOS of my provider. Other
    problems that has been hampering this project is the
    cost of getting a static ip address, limited ISP in my
    area and budget to pay for additional service such as
    web hosting service.

    Speaking of TOS's, I work for a non profit
    organization or NGO/Foundation wherein I am the
    volunteer administrator of its small windows network.
    Unfortunately, this organization doesn't have T1 line
    or leased line for that matter. More so, the ISP we
    have there is also cable service. My boss asked me to
    setup a website for his foundation and since we are
    bound by the TOS of our cable provider, I suggested to
    him that we should go through a web service provider
    instead so as not to breach the TOS agreement, and so
    we did. Now, I am in the process of designing the web
    site which is hosted off site. The trade off is that
    the Foundation pays extra for the web hosting service
    which this organization can afford to pay. But I think
    we have done the right thing, abiding by TOS.

    I am not saying this to justify my requirement and as
    a matter of fact, I have contemplated of relocating
    the server intended for this purpose, to my cousins
    house where he has a DSL service and not bound by the
    limitations of TOS of some cable providers. But since,
    setting up one's website does not stop from there or
    does not happen overnight. I have done laborious task
    of installing or enabling only the necessary services
    for this bastion host. Compile the apache from source,
    download the security updates, install IDS or admin
    tools like snort, tripwire to fully bastionize this
    host among others, so that I limit the risk of being
    used to attack others.

    Amidst great power of Linux, lies great
    responsibility. Based from this statement, I am
    conferring this prestigious group where most of you
    are either firewall or linux gurus.

    I have fully understood the TOS agreement and intend
    to abide by it. And I intend to host this site at my
    cousin's house and probably SSH my way to it to do
    admin tasks since I live about 45 miles away.

    Before I hook up this machine using DSL provided
    service which allows inbound TCP connections on port
    80. Let me again, ask this kind group if anyone is
    still interested in helping me out what firewall rules
    I should make on iptables to help my life less
    miserable and safe for others.

    I don't intend this machine I am setting up to be used
    for DoS and other bad stuff so that is why I am asking
    and posting this question to make it a little bit
    secure. I am no linux expert but have come to embrace
    the philosophy of open source system. I am no script
    kiddie or intend to be a cracker since doing damage
    and eavesdropping is not my cup of tea.

    All I want to do is make my family/clan happy by
    finally being able to host a web site, abiding by the
    terms and conditions of the TOS.

    Again, my apologies to everyone. I want to be
    responsible enough that my system is secure and linux
    hardened to be safe for everyone. So that everybody
    will be happy including cable ISPs. No harm in
    trying???

    Thanks for your time.

    Sincerely,
    Servie

                    
    _______________________________
    Do you Yahoo!?
    Win 1 of 4,000 free domain names from Yahoo! Enter now.
    http://promotions.yahoo.com/goldrush
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Dave Piscitello: "Re: [fw-wiz] resource pages"

    Relevant Pages

    • Re: What rules stop Ping from being answered by my pc
      ... NO 6 Destination network unknown ... In 7 Destination host unknown ... NO 11 Network unreachable for TOS ... NO 14 Host precedence violation ...
      (comp.security.firewalls)
    • Re: www.KennethRobertPangborn.ChokesOnDick.com
      ... > VIEW THE TOTAL TRUTH ABOUT KENNETH ROBERT PANGBORN...... ... Well ask WHY it violates the TOS of ANY host??? ...
      (soc.men)
    • Apology
      ... Subject: SPAMMING NEWSGROUPS ... ......is probably in violation of the TOS under which you access and host on the Net. ...
      (rec.outdoors.fishing.fly)
    • apology
      ... Subject: SPAMMING NEWSGROUPS ... ......is probably in violation of the TOS under which you access and host on the Net. ...
      (rec.outdoors.fishing.fly.tying)
    • Re: "How William Shatner Changed the World"
      ... Paul Hyett wrote: ... They have already started showing Angel, I do not know when they intend to show TOS. ...
      (uk.media.tv.sf.startrek)