[fw-wiz] About Port Forwarding, Apache and Firewall Rules - conclusion

From: Servie Platon (servie_tech_at_yahoo.com)
Date: 08/30/04

  • Next message: Paul D. Robertson: "Re: [fw-wiz] VPN endpoints"
    To: "Fetch, Brandon" <BFetch@texpac.com>
    Date: Mon, 30 Aug 2004 14:18:09 -0700 (PDT)
    
    

    Dear Sirs:

    This, I think, will be my last post on this thread.

    Again, I am so sorry if I may have irked someone with
    regards to TOS's. I know I may have asked the wrong
    question or may have the wrong intentions as per TOS
    agreements, I admit, my mistake and fault. My
    apologies to everyone.

    I thought that open source and user groups such as
    this are aimed at helping those people who are
    interested and in need. I am not a Linux expert nor a
    firewall guru like most of you guys, so that is why I
    have posted in here.

    For the peace of mind of everyone on this thread and
    of the ones who work for cable ISPs for that
    matter, let me reiterate that I intend to set up this
    website via DSL service which does not have the TOS
    restrictions. The problem with the TOS issue has been
    resolved, end of the story.

    But what I am asking here is, since I am doing the
    testing here at my house and I use my cable ISP, I
    wanted to make sure first what iptables rules are ideal
    for my Apache box. Still, I need to do the testing
    first, like check if it could be accessed from the
    outside and so on.

    Again, let me point out that I am just testing out
    the box first before I let this loose in the open by
    connecting this through my cousin's house with a DSL
    service. I would just like to know from anyone who has
    a good Samaritan nature: what are the best iptables rules
    to enforce on my box, considering I connect this box to
    a DMZ port on my Linksys router where my Apache box
    listens on a port, i.e. 555?

    The questions raised before were:

    1. If I assign a different port, would it be a security
    threat or easier for someone to break into my box? Or
    port 80 and any other ports, doesn't matter at all?

    2. I used port forwarding and a webhop service from
    dyndns.org which redirects connections from port 80 to
    my box. Having the Linksys router do the port
    forwarding alongside my subscription with dyndns.org
    to do webhop, I would like to know if there is
    additional configuration that I should do on my
    Linksys for additional rules to implement.

    3. This too goes with my Apache box. What iptables
    rules should I use?

    As I have said before, restricting root access,
    applying security patches for my Linux distro, compiling
    the kernel and/or compiling Apache from source, enabling
    the SSH service, TCP Wrappers, installing IDS, tripwire
    along with snort among other tools to secure my host
    have been considered.

    In this regard, may I take the opportunity for those
    people who have been nice enough to reply to this
    thread and have shown interest in helping out. My
    sincerest and grateful thanks to all of you. And for
    the ones who brought up the issue of TOS, thank you
    too because you have enlightened me on the basis of
    ethical standpoint and doing what is right....

    Though most of you here are all Linux and firewall
    experts, I still am hoping that someone would give
    some kind of help on this matter. It's really
    ironic that what we have learned from school are all
    but mere theories; it's still up to us to apply into
    practice what we have learned.

    I need help and assistance here because I want to be
    responsible enough that the host box I let loose as a
    web server will be secure enough and not used by some
    unscrupulous individuals for other purposes. I don't
    have money since I only do volunteer work and as such
    could not afford to pay for additional service. I only
    wanted to do this project for my family and my own
    personal fulfillment using Linux and open source
    without any intent to harm other networks nor crack
    into other systems.

    Again, may I thank each and every one of you on this
    group. More power and thanks a lot.

    Sincerely,
    Servie

    --- "Fetch, Brandon" <BFetch@texpac.com> wrote:

    > Anyone in Com-crap's (Comcast) sphere of influence
    > can only dream of having
    > a static IP address - either home or SOHO/business
    > class of service.
    >
    > Yet another reason to use DSL (Speakeasy) to get
    > your static fix.
    >
    > Brandon Fetch
    > 817-871-4036
    > -- carpe ductum -- "Grab the tape"
    >
    >
    > "Btw: *Most* DSL and cable broadband providers do
    > have SOHO/business
    > packages that allow the running of services and give
    > one static IP
    > addresses. Many areas of the country have alternate
    > (usually DSL)
    > broadband providers that can supply business-class
    > connectivity. Of
    > course: These options all come at a price.
    >
    > Jim"
    >
    >

                    
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
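
An added example, not part of the original post or of any reply on the list: a shell function that emits a default-deny INPUT ruleset in iptables-restore format for the host the post describes. Port 555 comes from the post; SSH on port 22, the optional admin source address and the function names are assumptions.

```shell
#!/bin/sh
# Added example: default-deny ruleset for a single-purpose web host.
# WEB_PORT 555 is taken from the post; SSH_PORT 22 and ADMIN_SRC are assumptions.

# Accept only a decimal TCP port in the range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules WEB_PORT SSH_PORT [ADMIN_SRC]
# Prints rules on stdout; it does not touch the running firewall.
gen_rules() {
    web_port=$1
    ssh_port=$2
    admin_src=${3:-}
    valid_port "$web_port" && valid_port "$ssh_port" || {
        echo "gen_rules: invalid port" >&2
        return 1
    }
    # Restrict SSH to one source address when one is given.
    ssh_match="-p tcp --dport $ssh_port"
    if [ -n "$admin_src" ]; then
        ssh_match="-s $admin_src $ssh_match"
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp --dport $web_port --syn -m conntrack --ctstate NEW -j ACCEPT
-A INPUT $ssh_match --syn -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -m limit --limit 6/minute -j LOG --log-prefix "INPUT-DROP: "
COMMIT
EOF
}

# Stand-alone run: print the ruleset for the post's setup.
gen_rules "${WEB_PORT:-555}" "${SSH_PORT:-22}" "${ADMIN_SRC:-}"
```

Review the printed rules, then load them as root by piping the output to iptables-restore. Everything not matched falls through to the DROP policy, so only the web port and SSH accept new connections.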

