[fw-wiz] About Port Forwarding, Apache and Firewall Rules - conclusion
From: Servie Platon (servie_tech_at_yahoo.com)
To: "Fetch, Brandon" <BFetch@texpac.com>
Date: Mon, 30 Aug 2004 14:18:09 -0700 (PDT)
This, I think, will be my last post on this thread.
Again, I am so sorry if I may have irked someone with regard to TOSs. I know I may have asked the wrong question or may have had the wrong intentions as per TOS agreements; I admit my mistake and fault. My apologies to everyone.
I thought that open source and user groups such as this are aimed at helping those people who are interested and in need. I am not a Linux expert nor a firewall guru like most of you guys, so that is why I have posted here.
For the peace of mind of everyone on this thread, and of the ones who work for cable ISPs for that matter, let me reiterate that I intend to set up this website via a DSL service which does not have the TOS restrictions. The problem with the TOS issue has been resolved; end of story.
But what I am asking here is: since I am doing the testing here at my house and I use my cable ISP, I wanted to make sure first what iptables rules are ideal for my Apache box. Still, I need to do the testing first, like checking if it could be accessed from the outside and so on.
Again, let me point out that I am just testing out the box first before I let this loose in the open by connecting it through my cousin's house with a DSL service. I would just like to know from anyone who has a good Samaritan nature: what are the best iptables rules to enforce on my box, considering I connect this box to a DMZ port on my Linksys router, where my Apache box listens on a port such as 555?
The questions raised before were:
1. If I assign a different port, would it be a security threat or easier for someone to break into my box? Or does it not matter at all, whether port 80 or any other port?
2. I used port forwarding and a webhop service from dyndns.org which redirects connections from port 80 to my box, having the Linksys router do the port forwarding alongside my subscription with dyndns.org to do the webhop. I would like to know if there is additional configuration that I should do on my Linksys, for additional rules to implement.
3. This too goes with my Apache box. What iptables rules should I use?
As I have said before, restricting root access, applying security patches for my Linux distro, compiling the kernel and/or compiling Apache from source, enabling the SSH service, TCP Wrappers, installing an IDS, and Tripwire along with Snort among other tools to secure my host have all been considered.
In this regard, may I take the opportunity to thank those people who have been nice enough to reply to this thread and have shown interest in helping out. My sincerest and grateful thanks to all of you. And to the ones who brought up the issue of TOSs, thank you too, because you have enlightened me on the basis of the ethical standpoint and doing what is right....
Though most of you here are all Linux and firewall experts, I still am hoping that someone would give some kind of help on this matter. It's really ironic that what we have learned from school is all but mere theory; it's still up to us to apply into practice what we have learned.
I need help and assistance here because I want to be responsible enough that the host box I let loose as a web server will be secure enough and not used by some unscrupulous individuals for other purposes. I don't have money since I only do volunteer work, and as such could not afford to pay for additional service. I only wanted to do this project for my family and my own personal fulfillment using Linux and open source, without any intent to harm other networks nor crack into other systems.
Again, may I thank each and every one of you in this group. More power and thanks a lot.
--- "Fetch, Brandon" <BFetch@texpac.com> wrote:
> Anyone in Com-crap's (Comcast) sphere of influence
> can only dream of having
> a static IP address - either home or SOHO/business
> class of service.
> Yet another reason to use DSL (Speakeasy) to get
> your static fix.
> Brandon Fetch
> -- carpe ductum -- "Grab the tape"
> "Btw: *Most* DSL and cable broadband providers do
> have SOHO/business
> packages that allow the running of services and give
> one static IP
> addresses. Many areas of the country have alternate
> (usually DSL)
> broadband providers that can supply business-class
> connectivity. Of
> course: These options all come at a price.
> This message is intended only for the person(s) to
> which it is addressed
> and may contain privileged, confidential and/or
> insider information.
> If you have received this communication in error,
> please notify us
> immediately by replying to the message and deleting
> it from your computer.
> Any disclosure, copying, distribution, or the taking
> of any action concerning
> the contents of this message and any attachment(s)
> by anyone other
> than the named recipient(s) is strictly prohibited.
> firewall-wizards mailing list
firewall-wizards mailing list
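The ruleset the poster asks for, as an added example that is not part of the original thread or of anyone's reply in it. Two points drive its shape. A Linksys "DMZ host" entry forwards every inbound port to the box, so the host's own iptables policy is effectively the only thing standing between the Internet and whatever else is listening (sshd, portmap, and so on). And dyndns.org's WebHop is an HTTP redirect, so visitors end up connecting straight to port 555 on the box's address; the port number itself hides nothing from a port scan, what matters is that only the web service is reachable. The script assumes (my assumptions, not the poster's setup) a single interface, Apache on the port given as the first argument, SSH allowed only from the LAN range given as the second, and a default-drop INPUT chain. It emits the rules in iptables-restore format rather than calling iptables directly, so the result can be read over before it is loaded.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# Emits a host firewall for a web box hung off a Linksys "DMZ host" port.
# Assumptions (mine): one network interface, Apache on $1 (555 in the
# thread), SSH reachable only from the LAN range in $2, everything else
# inbound dropped. Output is in iptables-restore format.

# Returns 0 if $1 is an integer in 1..65535, 1 otherwise (a typo such as
# "80,555" would otherwise produce a ruleset iptables-restore rejects).
is_valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Usage: gen_ruleset WEB_PORT LAN_CIDR
gen_ruleset() {
  web_port="$1"
  lan="$2"
  is_valid_port "$web_port" || { echo "bad port: $web_port" >&2; return 1; }
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback is trusted
-A INPUT -i lo -j ACCEPT
# throw away obviously bogus TCP (no flags / all flags) before anything else
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
# replies to connections this host opened (dns, ntp, package updates)
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# the web service: the only port the Internet should reach
-A INPUT -p tcp --dport ${web_port} -m state --state NEW -j ACCEPT
# ssh only from the LAN; the DMZ host gets every port forwarded, so this
# line is what keeps port 22 off the Internet
-A INPUT -p tcp -s ${lan} --dport 22 -m state --state NEW -j ACCEPT
# answer pings, but not floods
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
# log the rest (rate limited so a scan cannot fill the disk), then drop
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables drop: "
-A INPUT -j DROP
COMMIT
EOF
}

# Constructed run (not a real host): the ruleset for port 555 and a
# 192.168.1.0/24 LAN. To load it for real, as root:
#   gen_ruleset 555 192.168.1.0/24 > /etc/iptables.rules
#   iptables-restore < /etc/iptables.rules
gen_ruleset 555 192.168.1.0/24
```

After loading it, the check worth doing is the one the poster mentions: from a machine outside the cable network (a friend's shell account, for instance), run `nmap -p 1-1024 your-name.dyndns.org` and confirm that 555 is the only port reported open; anything else that shows up is either the Linksys answering for itself or a rule above that is too loose. Note that the FORWARD chain is dropped too, so the box cannot be turned into a relay, and that the ESTABLISHED,RELATED rule is what lets outbound package updates and DNS lookups get their replies back.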