At 10:13 PM 12/27/01 +0000, djoutlaw outlaw wrote: >I am using Charles Steinkuehler's LEAF/LRP 2.2.19 and I have changed the Tcp >ports to be able to see my apache webserver. What do I need to change in >the network.cfg file to be able to stop someone from getting into the >webserver and then moving on into the network? > >Please be gentle this is my frst post.
To get a meaningful answer, I think you'll need to explain in a bit more detail what you did. Particularly, in "I have changed the Tcp ports to be able to see my apache webserver", what does "see" mean exactly? Are we talking about a Web server with its own real IP address, for example, or one with a private-range address and port 80 forwarded to it from the router? If you are port forwarding, what ports besides 80 (and perhaps 443) are you forwarding? If you are forwarding only ports 80 and 443 to a private address, you should need to do nothing special on the LEAF router (assuming "Charles Steinkuehler's LEAF/LRP 2.2.19" refers to something reasonably up to date, like EigerStein or DachStein). You do need to make sure your Web server OS and apache are sufficiently up to date that they pose no security risks. If you are firewalling a Web server with its own IP address, you probably want to limit which ports incoming traffic from off-LAN can access. There is no one-size-fits-all rule for this, though; you need a security setup that is adapted to what you want to accomplish. -- ------------------------------------"Never tell me the odds!"--- Ray Olszewski -- Han Solo Palo Alto, CA [EMAIL PROTECTED] ---------------------------------------------------------------- _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
