This is a discussion on Question on setting up a web server within the Windows Web Servers forums, part of the Web Server and Related Forums category.
This is a very newbie question, but I'm hoping someone can just get me pointed in the right direction.

I work at a wastewater treatment facility. We have a (mostly) XP peer-to-peer network. We are connected to the Internet via a DSL modem through a Linksys router. Static IP. This has worked well for us.

A couple of months ago I got a new phone that can surf the web. "Well wouldn't it be great if I could use that to check on the treatment process?" I asked myself. "Yes, it would!" I answered. So I made up a tidy little web site and wrote a VB program to generate process data trend graphs as GIFs. I put it on one of our computers and ran TinyWeb web server. I set TinyWeb to use a high port number and forwarded the port through the router. Works great! Tremendously useful! However, I'm not really comfortable counting on a high port number to keep out hackers. I'd like to move this little web site to a Linux box to get some separation from our internal network.

Here's where it gets interesting: I have no Linux experience at all. I downloaded IPCop and started to do an installation and quickly figured out I was going to need to do more research. If I set up my web site on IPCop, will I have to set the Linux box as the DHCP server? (It's currently the router.) Can I even run the web server on the IPCop box, or is IPCop strictly intended to be a firewall?

I'm usually keen to figure these things out myself, it's most of the fun. However, at this point I'm not even sure which way to start. I'm really just looking for a general idea of what would give me the following:

I need to run a web server that will only be serving static pages. I need to be able to write GIF files every six minutes to the web folder from inside my LAN. I don't want the LAN to be accessible to hackers through the web server.

Thanks in advance for any assistance!

Bruce

Bruce Adams wrote:

> A couple of months ago I got a new phone that can surf the web. "Well
> wouldn't it be great if I could use that to check on the treatment process?"
> I asked myself. "Yes, it would!" I answered. So I made up a tidy little web
> site and wrote a VB program to generate process data trend graphs as GIFs. I
> put it on one of our computers and ran TinyWeb web server. I set TinyWeb to
> use a high port number and forwarded the port through the router. Works
> great! Tremendously useful! However, I'm not really comfortable counting on
> a high port number to keep out hackers. I'd like to move this little web
> site to a Linux box to get some separation from our internal network.
> Here's where it gets interesting: I have no Linux experience at all.
>
> I need to run a web server that will only be serving static
> pages. I need to be able to write GIF files every six minutes to the web
> folder from inside my LAN. I don't want the LAN to be accessible to hackers
> through the web server.

If you are familiar with Windows, but not with Linux, then Windows would probably be a better platform for you to use. As for web server software, you may want to take a look at Apache.

Thor

--
http://www.anta.net/OH2GDF

"Thor Kottelin" <thor@anta.net> wrote in message news:43EDE1F0.2BB06E54@anta.net...

> Bruce Adams wrote:
>
>> A couple of months ago I got a new phone that can surf the web. "Well
>> wouldn't it be great if I could use that to check on the treatment
>> process?" I asked myself. "Yes, it would!" I answered. So I made up a tidy
>> little web site and wrote a VB program to generate process data trend
>> graphs as GIFs. I put it on one of our computers and ran TinyWeb web
>> server. I set TinyWeb to use a high port number and forwarded the port
>> through the router. Works great! Tremendously useful! However, I'm not
>> really comfortable counting on a high port number to keep out hackers. I'd
>> like to move this little web site to a Linux box to get some separation
>> from our internal network.
>> Here's where it gets interesting: I have no Linux experience at all.
>
>> I need to run a web server that will only be serving static
>> pages. I need to be able to write GIF files every six minutes to the web
>> folder from inside my LAN. I don't want the LAN to be accessible to
>> hackers through the web server.
>
> If you are familiar with Windows, but not with Linux, then Windows would
> probably be a better platform for you to use. As for web server software,
> you may want to take a look at Apache.
>
> Thor
>
> --
> http://www.anta.net/OH2GDF

That would certainly be easier for me. But I'm very apprehensive about security. I don't mind learning something new. But if Apache running on a Windows machine affords good security, I'm all for it. Where would you suggest I look for information on the trade-offs of running a web site on Windows?

Thank you,

Bruce

Si Ballenger said:

> I'd also run zonealarm on the computer.

Why? That's one of the biggest piece-of-crap software programs ever written. The OP already stated they were behind a hardware router. Adding a third-party firewall, particularly one that is difficult for non-IT people to "properly" configure, and next to impossible to completely uninstall, is quite over-kill, and could quite possibly make configuring the web server all the more difficult. If they want to use a software firewall, then the XP firewall is more than sufficient for their needs.

If the OP stays with Windows, then Apache is the way to go.

--
Eggs

-Two cows standing next to each other in a field, Daisy says to Dolly "I was artificially inseminated this morning." "I don't believe you," said Dolly. "It's true, no bull!" exclaimed Daisy.

"Eggs Zachtly" <re@d.thereplyto.header> wrote in message news:1dqqnwq71qgoq.dlg@sneupie.eingang.org...

> Si Ballenger said:
>
>> I'd also run zonealarm on the computer.
>
> Why? That's one of the biggest piece-of-crap software programs ever
> written. The OP already stated they were behind a hardware router. Adding a
> third-party firewall, particularly one that is difficult for non-IT people
> to "properly" configure, and next to impossible to completely uninstall, is
> quite over-kill, and could quite possibly make configuring the web server
> all the more difficult. If they want to use a software firewall, then the
> XP firewall is more than sufficient for their needs.
>
> If the OP stays with Windows, then Apache is the way to go.
>
> --
> Eggs
>
> -Two cows standing next to each other in a field, Daisy says to Dolly "I
> was artificially inseminated this morning."
> "I don't believe you," said Dolly. "It's true, no bull!" exclaimed Daisy.

Well, here's the thing... I am free to invest time into this, but not money. (I know, they're supposed to be the same, but in the municipal world things work differently.) I don't have a spare XP machine I can devote to this, but I have several obsoleted computers which had been running Win98 but should run Linux fine. I really don't want to run this on a W98 machine, because I want to make the information available outside of just the staff.

So what I'm thinking now is, put IPCop on one box and put 3 LAN cards in it. Plug the DSL modem into the Red zone, the wireless router and the rest of the LAN into the Green zone, and a second Linux box with maybe Red-Hat Linux on it and have the web server on that machine plugged into the Orange zone. I haven't had a chance to read the IPCop documents closely, but it looks like that setup would allow me to write files programmatically to the RedHat machine from inside the LAN without exposing the LAN to hackers.

What I'm not sure of is how the setup will change on the wireless router, which currently serves as the DHCP server and Default Gateway for computers on the LAN. Will these functions simply be transferred over to the IPCop computer? If yes, how does the wireless router then provide connectivity for notebooks? And let me stress, I'm not looking to get my homework done for me, I'm just wanting to be pointed in the right direction.

Appreciate all the help,

Bruce

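The three-zone layout proposed in the post above (Red = DSL modem, Green = LAN, Orange = web server), written out as plain iptables forwarding rules. This is an added example, not part of the thread and not IPCop's own generated ruleset; the interface names, the web server address and the port are assumptions passed as arguments.

```shell
#!/bin/sh
# Added illustration (not from the thread, not IPCop's generated rules).
# Zone names follow the post; interfaces, address and port are assumptions.

# Print an iptables-restore ruleset for a Red/Green/Orange firewall.
dmz_ruleset() {
    red_if=$1         # Red: NIC facing the DSL modem
    green_if=$2       # Green: NIC facing the internal LAN
    orange_if=$3      # Orange: NIC facing the web server
    web_ip=$4         # web server address inside Orange
    web_port=${5:-80} # published TCP port

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Requests arriving from the internet go to the Orange host and nowhere else.
-A PREROUTING -i $red_if -p tcp --dport $web_port -j DNAT --to-destination $web_ip:$web_port
-A POSTROUTING -o $red_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# The firewall itself is managed from Green only (assumption).
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $green_if -j ACCEPT
# Replies to connections permitted below.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Red -> Orange: only the published web port.
-A FORWARD -i $red_if -o $orange_if -p tcp -d $web_ip --dport $web_port -m state --state NEW -j ACCEPT
# Green -> Orange: the LAN may connect out to the web server to upload the GIFs.
-A FORWARD -i $green_if -o $orange_if -m state --state NEW -j ACCEPT
# Green -> Red: ordinary outbound traffic.
-A FORWARD -i $green_if -o $red_if -m state --state NEW -j ACCEPT
# Nothing may open a connection into Green; log the attempt, then drop it.
-A FORWARD -o $green_if -m state --state NEW -j LOG --log-prefix "into-green-denied: "
-A FORWARD -o $green_if -j DROP
COMMIT
EOF
}

# Audit a ruleset on stdin: count FORWARD rules that ACCEPT traffic into Green.
accepts_into_green() {
    grep -c -- "^-A FORWARD .*-o $1 .*-j ACCEPT" || true
}

# Syntax check on a Linux host (constructed sample values):
#   dmz_ruleset eth0 eth1 eth2 192.168.2.10 8080 | iptables-restore --test
```

The only traffic that ever enters Green is reply traffic for connections the LAN started, so a compromised web server in Orange has no rule that lets it open a connection inward.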
Bruce Adams said:

> Well, here's the thing... I am free to invest time into this, but not money.
> (I know, they're supposed to be the same, but in the municipal world things
> work differently.) I don't have a spare XP machine I can devote to this, but
> I have several obsoleted computers which had been running Win98 but should
> run Linux fine. I really don't want to run this on a W98 machine, because I
> want to make the information available outside of just the staff. So what
> I'm thinking now is, put IPCop on one box and put 3 LAN cards in it. Plug
> the DSL modem into the Red zone, the wireless router and the rest of the LAN
> into the Green zone, and a second Linux box with maybe Red-Hat Linux on it
> and have the web server on that machine plugged into the Orange zone. I
> haven't had a chance to read the IPCop documents closely, but it looks like
> that setup would allow me to write files programmatically to the RedHat
> machine from inside the LAN without exposing the LAN to hackers. What I'm
> not sure of is how the setup will change on the wireless router, which
> currently serves as the DHCP server and Default Gateway for computers on the
> LAN. Will these functions simply be transferred over to the IPCop computer?
> If yes, how does the wireless router then provide connectivity for
> notebooks? And let me stress, I'm not looking to get my homework done for
> me, I'm just wanting to be pointed in the right direction.

Yes, you definitely don't want to run the server anywhere near a 98 machine. =) If they're older machines, stick with RH9 as the OS. You may have too much trouble setting up Fedora.

You're also making it much more difficult than it is. I'm not sure why you insist on IPCop being in the loop. You should just have to have:

Modem --> Router --> LAN Machines

Configure the router to only allow access to the server from within the LAN. These settings should be laid out pretty straightforward in the router's configuration (usually accessed thru a web browser). You should also be able to set specific IP addresses to the LAN machines in the router's config. Then, allow only that specific IP range to have access to the web server (another possibility).

Everything you need to get the server up and running, as well as support it, is already bundled with Linux. You may want to update some of the server stuff, but I've used RH9 plenty of times to run web servers, using everything right out of the box.

These links may help get you started:

http://www.tldp.org/LDP/nag2/
http://www.justlinux.com/nhf/intel/tools/vicc.html
http://www.math.mcgill.ca/services/linux_basics.php
http://www.linuxheadquarters.com/how...rkconfig.shtml

HTH

--
Eggs

-Two aerial antennas meet on a roof, fall in love get married. The ceremony wasn't much, but the reception was brilliant.

On Sat, 11 Feb 2006 17:25:52 -0600, Eggs Zachtly <re@d.thereplyto.header> wrote:

> Si Ballenger said:
>
>> I'd also run zonealarm on the computer.
>
> Why? That's one of the biggest piece-of-crap software programs ever
> written. The OP already stated they were behind a hardware router. Adding a
> third-party firewall, particularly one that is difficult for non-IT people
> to "properly" configure, and next to impossible to completely uninstall, is
> quite over-kill, and could quite possibly make configuring the web server
> all the more difficult. If they want to use a software firewall, then the
> XP firewall is more than sufficient for their needs.
>
> If the OP stays with Windows, then Apache is the way to go.

I run apache on my XP computer along with zonealarm with no problems. My setup has been visited by the outside world for ~5 years with no real issues. Zonealarm can give some protection that routers are clueless to. The windows firewall may give you more problems than benefits. I'm not an IT person and have no problems. It appears that you may not be "up to speed" on this particular subject.

On 11 Feb 2006, shb*NO*SPAM*@comporium.net (Si Ballenger) wrote in news:43ee893a.22046601@news.comporium.net:

> I run apache on my XP computer along with zonealarm with no
> problems. My setup has been visited by the outside world for ~5
> years with no real issues. Zonealarm can give some protection
> that routers are clueless to. The windows firewall may give you
> more problems than benefits. I'm not an IT person and have no
> problems. It appears that you may not be "up to speed" on this
> particular subject.

I wouldn't be averse to a software firewall. I also run Windows Apache on a computer that runs Sygate Personal Firewall without a problem, although the server is never stressed very hard (I did have general problems with Zone Alarm, so I got rid of it.) There are a couple of other free firewalls out there. I think it's not a bad idea - you can tell the firewall to let in only incoming traffic on a certain port and to allow only a certain application to accept it. You can lock down all else.

I'm not much into Linux, but I have put together a Linux Apache machine, and it really wasn't too difficult. The propaganda has it that Linux is a more stable server platform than Windows, and I'm inclined to agree in this situation. I have an idea that it would be possible to run the web server on the same machine as IPCop, but I don't know this for sure.

"Eggs Zachtly" <re@d.thereplyto.header> wrote in message news:4005vdldmkjs.dlg@sneupie.eingang.org...

> Bruce Adams said:
>
>> Well, here's the thing... I am free to invest time into this, but not
>> money. (I know, they're supposed to be the same, but in the municipal
>> world things work differently.) I don't have a spare XP machine I can
>> devote to this, but I have several obsoleted computers which had been
>> running Win98 but should run Linux fine. I really don't want to run this
>> on a W98 machine, because I want to make the information available
>> outside of just the staff. So what I'm thinking now is, put IPCop on one
>> box and put 3 LAN cards in it. Plug the DSL modem into the Red zone, the
>> wireless router and the rest of the LAN into the Green zone, and a second
>> Linux box with maybe Red-Hat Linux on it and have the web server on that
>> machine plugged into the Orange zone. I haven't had a chance to read the
>> IPCop documents closely, but it looks like that setup would allow me to
>> write files programmatically to the RedHat machine from inside the LAN
>> without exposing the LAN to hackers. What I'm not sure of is how the
>> setup will change on the wireless router, which currently serves as the
>> DHCP server and Default Gateway for computers on the LAN. Will these
>> functions simply be transferred over to the IPCop computer? If yes, how
>> does the wireless router then provide connectivity for notebooks? And let
>> me stress, I'm not looking to get my homework done for me, I'm just
>> wanting to be pointed in the right direction.
>
> Yes, you definitely don't want to run the server anywhere near a 98
> machine. =) If they're older machines, stick with RH9 as the OS. You may
> have too much trouble setting up Fedora.
>
> You're also making it much more difficult than it is. I'm not sure why you
> insist on IPCop being in the loop. You should just have to have:
>
> Modem --> Router --> LAN Machines
>
> Configure the router to only allow access to the server from within the
> LAN. These settings should be laid out pretty straightforward in the
> router's configuration (usually accessed thru a web browser). You should
> also be able to set specific IP addresses to the LAN machines in the
> router's config. Then, allow only that specific IP range to have access to
> the web server (another possibility).
>
> Everything you need to get the server up and running, as well as support
> it, is already bundled with Linux. You may want to update some of the
> server stuff, but I've used RH9 plenty of times to run web servers, using
> everything right out of the box.
>
> These links may help get you started:
> http://www.tldp.org/LDP/nag2/
> http://www.justlinux.com/nhf/intel/tools/vicc.html
> http://www.math.mcgill.ca/services/linux_basics.php
> http://www.linuxheadquarters.com/how...rkconfig.shtml
>
> HTH
> --
> Eggs
>
> -Two aerial antennas meet on a roof, fall in love get married. The
> ceremony wasn't much, but the reception was brilliant.

Thank you, Eggs. That's good news if I'm making it more difficult than it is. Because it means I have a simpler option. I had thought IPCop would be necessary to allow access to the web site while denying access to the LAN. I currently have the router forwarding ports from 4 XP machines: 3 to allow use of PCAnywhere and now the 1 to allow access to TinyWeb. PCAnywhere has its own security, but the web server, as far as I know, is only protected by my use of a high port number. As Mr. Ballenger has observed, I am not up to speed on this issue.

So I can put RH9 running the web server with the site available to the outside world on one of the older machines, be able to write to it from an XP machine inside the LAN but still have the LAN unavailable to the outside world? (I hope my meaning got through that twisted syntax.) That's very encouraging!

I will start to read the info at the links you've provided and also download RH9 to do a test installation.

Thank you!

Bruce

Si Ballenger said:

> On Sat, 11 Feb 2006 17:25:52 -0600, Eggs Zachtly
> <re@d.thereplyto.header> wrote:
>
>> Si Ballenger said:
>>
>>> I'd also run zonealarm on the computer.
>>
>> Why? That's one of the biggest piece-of-crap software programs ever
>> written. The OP already stated they were behind a hardware router. Adding
>> a third-party firewall, particularly one that is difficult for non-IT
>> people to "properly" configure, and next to impossible to completely
>> uninstall, is quite over-kill, and could quite possibly make configuring
>> the web server all the more difficult. If they want to use a software
>> firewall, then the XP firewall is more than sufficient for their needs.
>>
>> If the OP stays with Windows, then Apache is the way to go.
>
> I run apache on my XP computer along with zonealarm with no
> problems. My setup has been visited by the outside world for ~5
> years with no real issues. Zonealarm can give some protection
> that routers are clueless to. The windows firewall may give you
> more problems than benefits. I'm not an IT person and have no
> problems. It appears that you may not be "up to speed" on this
> particular subject.

I'm quite "up to speed", thanks. I remotely deal with connection issues with users, cross platform, on a daily basis. Many users think that because it's a part of Windows, the XP firewall is subpar. Actually, the opposite is quite true, providing the user takes the time to actually configure it, properly. Zone Alarm's point-and-click interface for allowing programs access is quite inefficient, IMO. That holds true for any security-related software. That, and the (in)ability to completely uninstall using the uninstall routine (ZA's biggest bug, and my biggest reason for detesting it so. I see so many connection issues, related to ZA running *after* the program was "uninstalled", it's almost amazing).

As the OP seems to be leaning towards Linux, he'll have the option to set up a software firewall that ZA can't even begin to touch in effectiveness, should he so choose. Definitely the best option, considering what they want to accomplish.

--
Eggs

- Listen: Strange women lying in ponds distributing swords is no basis for a system of government! Supreme executive power derives from a mandate from the masses, not from some... farcical aquatic ceremony!