Sounds like a good setup so far. If you only let in tcp/80 or tcp/443 the next step is to make sure the OS and web server software are patched and setup per recommended security hardening procedures.
Ben On Thu, 30 Sep 2004 10:38:13 -0500, Andrew Nance <[EMAIL PROTECTED]> wrote: > Hi, > > I am running Bering-uClibc 2.2. > I am still very new to all this so your patience is appreciated. > I have multiple static IP addresses and am using the ProxyARP feature to use > two of my IP addresses for my web server (serving two domain names) and > another one for my media server. I have my media server broadcasting using > the http protocol on port 80 so as to not be blocked by the firewalls of the > people trying to view the video. > Everything seems to work like it should, the LEAF blocks all port > scans/requests from the NET to the DMZ except port 80 TCP. > I have also allowed the DMZ full access to the NET in order to install OS > updates. I don't surf the internet, check email, or anything not server > related from the server. > Soon, I believe I will have to open a port (443 I think) for SSL connection > of my web server. I will have two SSL's, one for each of my web server > IP's. > > My question is, is there any more I can do to "harden" my LEAFirewall to > protect my web server or my firewall for that matter? > Is there module or package I should enable or load to assist in protecting > my web server? Or perhaps some shorewall settings? > > Thanks, > Andrew > > ------------------------------------------------------- > This SF.net email is sponsored by: IT Product Guide on ITManagersJournal > Use IT products in your business? Tell us what you think of them. Give us > Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more > http://productguide.itmanagersjournal.com/guidepromo.tmpl > ------------------------------------------------------------------------ > leaf-user mailing list: [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user > SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html > ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
