Shorewall for web server?

Tim ignored_mailbox at yahoo.com.au
Tue Dec 27 21:24:16 UTC 2005


Jeffrey Tadlock:
>> You may not want to run a webserver on your firewall from a security
>> standpoint, but that aside...

Timothy Murphy:
> Is it safer to run shorewall on another computer behind the firewall?

Shorewall is what configures your firewall; it's done on the same
computer.

> I'd be interested in any information - e.g. pointers to documentation -
> on making a home web-server secure (or more secure, at least).

The basic advice is to run something separate as a firewall between the
WWW and you.  If you wanted to be really safe, and run a public web
server, then you'd run the web server on a separate box, too.  

It goes without saying that the web server must be isolated from your
LAN, for that to be of any benefit.  You route connections through your
firewall to it, and allow it to respond back out again.  But you don't
allow it access to any other part of your network.

That way, if someone exploits your firewall (if possible), all they do
is muck up the firewall.  Likewise, if someone exploits the web server,
all they do is muck it up.  They're not able to muck up your other
terminals and servers, because they don't connect to them.

-- 
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
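
Added example, not part of the original message: a minimal Shorewall sketch of the layout described above, with the web server in its own zone behind the firewall. The zone names, the DMZ address 192.168.2.2 (constructed) and the choice of HTTP on port 80 are assumptions; binding each zone to a network card in /etc/shorewall/interfaces is assumed to be done already, since that file's column layout differs between Shorewall versions.

```conf
# --- /etc/shorewall/zones ---------------------------------------------
#ZONE   TYPE
fw      firewall        # the firewall box itself
net     ipv4            # the Internet side
loc     ipv4            # the home LAN
dmz     ipv4            # the web server's own segment (assumed zone name)

# --- /etc/shorewall/policy --------------------------------------------
# Policies apply to NEW connections only and the first matching line
# wins. Replies to connections that were allowed in are passed by
# connection tracking, so the web server can "respond back out" without
# any dmz -> net or dmz -> loc ACCEPT.
#SOURCE DEST    POLICY  LOGLEVEL
loc     net     ACCEPT
dmz     all     DROP    info    # web server may not open connections to
                                # the LAN, the firewall or the Internet
net     all     DROP    info    # nothing unsolicited from outside
all     all     REJECT  info    # catch-all, keep as the last line

# --- /etc/shorewall/rules ---------------------------------------------
# Exceptions to the policies above.
#ACTION SOURCE  DEST                    PROTO   DPORT
# Route inbound web requests through the firewall to the isolated server.
DNAT    net     dmz:192.168.2.2         tcp     80
# Let LAN machines browse the server; nothing is allowed the other way.
ACCEPT  loc     dmz:192.168.2.2         tcp     80
```

Running `shorewall check` validates the files before they are applied. With this policy a compromised web server has no path to start a connection towards the LAN, which is the isolation the message describes.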



