On Wed, 29 Dec 1999 17:30:13 -0500 (EST), Oommen Thomas wrote:

> 
> Hi all,
> 
> I have a problem in setting up a web server within a firewall.
> The setup is as follows.
> a) There is a webserver(1) with an Internet IP and there are links to
> pages on the Internal webserver(2)
> b) We added the following on the firewall -
> ipmasqadm portfw -a -P tcp -L Firewall-IP 9000 -R 172.16.100.2 80
> All this, using ipchains/ipmasqadm and not any proxy like TIS FWTK.
> 
> I know this is possible, but how?
> 


You need to think very carefully about this.  I don't know what type of network
you're firewalling, but if it's worth the effort of putting up a firewall, it's
worth taking into consideration all the problems running things like web servers on
them can cause.

The purpose of your firewall is to protect your network.  Usually one does that
by restricting absolutely everything, and then giving permissions for the inside
network to get out and do what they need to do and nothing more.  You tell the
machine to ignore ICMP traffic, you tell it to divulge nothing about the OS, the
platform or what it has on it.  You want it to be as vague as possible.

If you start running services, you provide another path to exploit and a way for
people to get into your network.  It's just not a good idea to attempt what you're
trying to do.


