security question

This is a discussion on security question within the Apache Web Server forums, part of the Web Server and Related Forums category; I am allowed two ip addresses, so have been using one for the web server, the other for a d-...


Go Back   Usenet Forums > Web Server and Related Forums > Apache Web Server

Reload this Page security question

FAQ Members List Calendar Search Today's Posts Mark Forums Read

 

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 06-29-2006
Stuart Miller
 
Posts: n/a
Default security question
I am allowed two ip addresses, so have been using one for the web server,
the other for a d-link router/firewall with all the family computers behind
it.

This is fine, except for needing either ftp or 'sneakernet' for moving files
onto the server.

As I see it, to get fast convenient file transfers I could
1 - put the server behind the firewall as well, allowing access only to port
80 of that machine
then start samba or smb4k to move files when i need to, stop them when
done.
2 - leave the server outside but put in a second nic configured to attach
only to samba or
smb4k, and starting samba or smb4k when needed, or perhaps just start
the second
card when needed.
3 - have the server outside but move the cable over to the router when i
want to move files
This works but needs some reconfiguring and/or a reboot each time

I had always considered it appropriate to have the server outside of the
home network, in case there was some way of an apache hack making it
possible to access my network. Is this necessary? Is there a significant
risk of this?

Are these options workable? Any other choices?

It was possible but inconvenient to start ftp, move files, and stop it. The
current release of mandriva does not show proftpd as an option, and I really
do not want to learn a whole new set of things for another ftp server or ssl
when I am trying to learn web page design.

Thanks
Stuart
  #2 (permalink)  
Old 06-29-2006
patpro ~ patrick proniewski
 
Posts: n/a
Default Re: security question
In article <InJog.103587$iF6.100270@pd7tw2no>,
"Stuart Miller" <stuart_miller@shaw.ca> wrote:

> 2 - leave the server outside but put in a second nic configured to attach
> only to samba or
> smb4k, and starting samba or smb4k when needed, or perhaps just start
> the second
> card when needed.


if you want to go with this solution, you can try this :

- the 2nd NIC must be pluged on your Dlink and configured with a private
IP address (may be DHCP if your router supports it).
- apache can listen on this address too
- ftp should listen only on this private address (or SMB/NFS/... if you
prefer)
- the server must not act as a router it self (routing packets between
private address and public address.

but keeping the server into your LAN sounds a good idea too. Your router
should be able to NAT your public IP address (port 80) to the private
address of your server (port 80). This way, you wouldn't have to worry
too much about security, and your server would be fully accessible on
the LAN. The only drawback of this method is that you can't browse your
web site using your public IP (http://public-ip/) when you are plugged
on your LAN, you must use http://private-ip/.


patpro

--
http://www.patpro.net/
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 04:01 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0