Hello Trent,
"Trent M. Gunnarson" wrote:
>
> Hello all,
>
> I'm interested in allowing web access to my firewall but at the moment I'm
> baffled as to how I would go about it. The httpd-naat server seems to be a
> special modification of the standard apache install, but there are also
> regular apache config files too. I'm the only person with shell access to
> the server so I don't need to allow public_html directory access from home
> directories. I just want a simple config that allows static web pages and
> maybe cgi access for simple perl scripts (like flat file dbase).
>
> I'd appreciate not getting flames like "don't do that on a firewall" "it
> would be better if you used port forwarding to another box" "use mySQL for
> your database" . I'm running a 4 computer home network for me, my wife and
> kids on ADSL. The only computer left running when we go to bed is the
> firewall and I'm quite happy about that. I'm running ipchains (of course)
> and portsentry and feel relatively secure in my configuration. I'd just
> like to have external web access for friends and family.
>
> Thanks In Advance (TIA)
>
> Trent M. Gunnarson
> [EMAIL PROTECTED]
You are right, in the cooker-firewall we have a special config file for
apache (called httpd-naat).
The binary and all libraries are exactly the same. Only the config files
are different.
We have made this type of configuration to clearly separate the web
server dedicated to web administration from
the classical web server dedicated to common web page publishing
(example: start httpd-naat on a secure port on 8443, make access
restrictions, load special modules...).
In your case, you have 2 solutions:
the first one, which you describe and don't want to hear :=)
the second one is to use the classical apache configuration file found
in /etc/httpd/conf/httpd.conf
The default configuration file supports your needs (static web pages,
cgi, and no public_html).
In shell access, you have to:
add httpd at the end of /etc/security/msec/server.4
add the httpd service to the init scripts ( chkconfig --add httpd )
launch the httpd service from shell access ( service httpd restart )
Now you'll have two running copies of apache:
one on port 80 (classical web server httpd)
and another on port 8443 (httpd-naat)
You need to open port 80 in internet services too.
Sincerely
--
Philippe Libat <[EMAIL PROTECTED]>
Linux-Mandrake http://www.linux-mandrake.com
_____________________________________________
Think Different, Think Linux
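
Added example, not part of the original message or of any Mandrake tooling: a small shell audit that reads an Apache config such as /etc/httpd/conf/httpd.conf and reports the three properties discussed above (listening ports, public_html serving, CGI mapping), then checks that the public instance does not share port 8443 with httpd-naat. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example; audit_httpd_conf and check_public_conf are hypothetical names.
# Reads an Apache config (file argument or stdin) and reports the listening
# ports, whether per-user directories are served, and whether CGI is mapped.
audit_httpd_conf() {
    awk '
    BEGIN { userdir = "unset"; cgi = "no"; ports = "" }
    /^[ \t]*#/ { next }                        # skip comment lines
    NF < 2     { next }                        # skip blanks and bare tags
    {
        d = tolower($1)
        if (d == "port" || d == "listen") {
            p = $2; sub(/^.*:/, "", p)         # drop an optional address prefix
            ports = ports (ports == "" ? "" : ",") p
        } else if (d == "userdir") {
            # "UserDir disabled <users>" only excludes those users: no change
            if (tolower($2) != "disabled") { userdir = "on" }
            else if (NF == 2)              { userdir = "off" }
        } else if (d == "scriptalias") {
            cgi = "yes"
        }
    }
    END { print "ports=" ports; print "userdir=" userdir; print "cgi=" cgi }
    ' "$@"
}

# Succeeds only if the config neither serves per-user directories nor binds
# port 8443, the port the message gives for the httpd-naat admin instance.
# userdir=unset means no UserDir line was found; what that implies depends on
# the default of the installed Apache version (assumption to verify locally).
check_public_conf() {
    report=$(audit_httpd_conf "$@")
    ports=$(printf '%s\n' "$report" | sed -n 's/^ports=//p')
    case "$report" in *userdir=on*) return 1 ;; esac
    case ",$ports," in *,8443,*) return 1 ;; esac
    return 0
}

# Constructed sample input, not taken from a real Mandrake install.
audit_httpd_conf <<'EOF'
Port 80
UserDir disabled
ScriptAlias /cgi-bin/ /var/www/cgi-bin/
EOF
```

Run `check_public_conf /etc/httpd/conf/httpd.conf` before opening port 80; a non-zero exit means the public config needs review.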