From: Zoilo <zoilo@xs4all.nl>
To: Joel Linuxdude <linuxlists@hotmail.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: How to direct packets to my server. DOES THIS LOOK RIGHT?
Date: Sun, 15 Dec 2002 16:08:45 +0100
Message-ID: <3DFC9AFD.6020403@xs4all.nl>
In-Reply-To: <F22R4BnmJZBRZ2ZBHQB0001f322@hotmail.com>

Joel Linuxdude wrote:
> My Netfilter firewall (unfortunately) is running also
> my Apache web server, FTP server and Telnet daemon.
> I honestly think this is ok but it's confusing me with
> the whole firewall aspect.

Yes and no, i.e. I can agree with the concept, but I really disagree 
with the provided services.

It is OK to provide some services from your firewall, provided that they 
are *secure* services. I would recommend replacing telnet and ftp with 
OpenSSH, as telnet and FTP are both serious security hazards.

OpenSSH provides sshd (daemon running on your firewall), ssh (secure 
telnet replacement), sftp (secure ftp replacement) and scp (secure 
remote copy); "grep ssh /etc/services" and "grep sftp /etc/services" 
will tell you which ports to open. In case you need to log in from a 
Windoze-machine, a utility called "putty" is available on the internet 
for download.

Also make sure that your Apache server software is up to date, and *if* 
you use PHP (or you don't, but it is enabled), then carefully check the 
settings in /etc/php.ini: in particular register_globals and 
register_argc_argv should be set to Off, unless you want the whole world 
to be able to set up an environment for your PHP scripts....

With these precautions, I believe that your firewall would be quite well 
protected.

-- 
Z.
---------------------------------------------------------
If all you have is a hammer, everything looks like a nail
---------------------------------------------------------
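
The php.ini check recommended in the message above, as an added shell sketch that is not part of the original post. The function names and the sample file are constructed for illustration, and taking the last uncommented assignment as the effective one is an assumption of this sketch.

```sh
#!/bin/sh
# Added example: audit a php.ini for register_globals and register_argc_argv.
# Assumption: the last uncommented assignment of a directive is the effective one.

# php_ini_value FILE DIRECTIVE -> effective value, or "unset" if never assigned
php_ini_value() {
    awk -v key="$2" '
        /^[ \t]*[;#]/ { next }                      # whole-line comments
        {
            line = $0; sub(/[ \t]*;.*$/, "", line)  # drop a trailing ; comment
            eq = index(line, "=")
            if (eq == 0) next                       # section headers, blank lines
            k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            if (k == key) { val = v; found = 1 }    # directive names are case sensitive
        }
        END { print (found ? val : "unset") }
    ' "$1"
}

# is_off VALUE -> exit 0 when PHP reads VALUE as boolean false
is_off() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        off|0|false|no|none|"") return 0 ;; *) return 1 ;;
    esac
}

# audit_php_ini FILE -> one line per directive; exit 0 only if both are Off
audit_php_ini() {
    [ -r "$1" ] || { echo "ERROR cannot read $1"; return 2; }
    rc=0
    for d in register_globals register_argc_argv; do
        v=$(php_ini_value "$1" "$d")
        if [ "$v" = unset ]; then echo "REVIEW $d: not set, built-in default applies"; rc=1
        elif is_off "$v"; then echo "OK     $d = $v"
        else echo "FAIL   $d = $v (should be Off)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: a commented-out "Off" must not mask the live "On".
demo() {
    f=$(mktemp) && printf '%s\n' '[PHP]' ';register_globals = Off' \
        'register_globals = On' 'register_argc_argv = Off ; cli only' >"$f"
    audit_php_ini "$f"; r=$?; rm -f "$f"; return $r
}
demo || true   # on a real host: audit_php_ini /etc/php.ini
```

A directive that is absent from the file is reported as REVIEW rather than OK, because the value then depends on the default built into the installed PHP version.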


