At 01:02 AM 5/9/00 , Volker Kindermann wrote:
>Hi Darren,
>
>
> > I'd like to set up apache as an internal webserver
> > on a small network.  I'd like to deny any requests
> > from 'outside', and only allow local machines to connect,
> > and retrieve webpages.
>
>[snip]
>not directly apache-related, but how is your network connected to the
>internet? I would harden this with some packet filtering rules like:

Wow, I just sat down to ask this question!  I want to run some services 
that are accessible locally but which do not appear to be running from the 
outside.  I have a Linux 6.1 machine Masq'ing a small LAN on the @Home 
network.  "Servers" are forbidden on this network and they scan me 12 times 
each day looking for illegitimate servers, only port 119 so far.  I would 
like to run news (I want to gate some mail lists to INN and look into 
sucking a feed) and http.  The local LAN is 192.168.0.x with .1 as the 
gateway and I have a static IP for the second interface connected to the 
cable modem.

Let's start with port 80.  I thought IP Chains would be the best way to 
control access to services.  My approach was to sit down with the IP Chains 
mini how-to.  I succeeded in blocking port 80 (I think) and I could still 
surf on the Linux machine but the next day my wife was wondering why the 
Windows machines on the LAN couldn't connect to any web pages even though 
other services worked.  Oops!

So, I guess traffic from my LAN goes down the input chain... makes sense in 
retrospect.  How would one write an IP chain that blocked access from 
outside my LAN to specific ports?  I bet this is a simple question--so 
simple that you're asking yourself, "Why doesn't this dummy just figure it 
out himself?" but (1) I'm frustrated from groping with trial-and-error and 
(2) this is hard to test and I would like to avoid a hassle with @Home 
because I got it wrong.

Thanks!

-Alan   


-- 
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
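
Added example, not part of the original message: a toy model of the ipchains input chain (first matching rule wins) showing why a port-80 DENY with no interface also drops LAN clients' outbound web requests, and how scoping the rule with -i to the external interface avoids that. It assumes the original rule matched destination port 80 without -i; the interface names (eth0 = LAN, eth1 = cable modem) and all sample addresses and ports are constructed.

```python
# Added example: toy model of the ipchains "input" chain (first match wins).
# Interface names and sample addresses are assumptions, not from the thread.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    iface: str   # interface the packet arrived on
    src: str
    dst: str
    dport: int
    note: str

@dataclass
class Rule:
    dport: int
    target: str
    iface: Optional[str] = None   # None = any interface (no -i given)

    def matches(self, p):
        return p.dport == self.dport and self.iface in (None, p.iface)

    def as_ipchains(self):
        i = f" -i {self.iface}" if self.iface else ""
        return f"ipchains -A input{i} -p tcp -d 0/0 {self.dport} -j {self.target}"

def verdict(rules, p, policy="ACCEPT"):
    for r in rules:
        if r.matches(p):
            return r.target
    return policy

LAN_IF, EXT_IF = "eth0", "eth1"   # assumed interface names
PACKETS = [  # constructed samples; 192.0.2.10 stands in for the static IP
    Packet(LAN_IF, "192.168.0.5", "198.51.100.7", 80, "LAN client browsing out"),
    Packet(EXT_IF, "203.0.113.9", "192.0.2.10", 80, "outside host to local httpd"),
    Packet(EXT_IF, "198.51.100.7", "192.0.2.10", 61005, "web reply to masq'd client"),
    Packet(LAN_IF, "192.168.0.5", "192.168.0.1", 80, "LAN client to local httpd"),
]
BROAD = [Rule(80, "DENY")]                  # matches on every interface
SCOPED = [Rule(80, "DENY", iface=EXT_IF)]   # only packets arriving from outside

def evaluate(rules):
    return {p.note: verdict(rules, p) for p in PACKETS}

if __name__ == "__main__":
    for name, rules in (("broad", BROAD), ("scoped", SCOPED)):
        print(name, "->", rules[0].as_ipchains())
        for note, v in evaluate(rules).items():
            print(f"  {v:6} {note}")
```

The same scoping applies to port 119 or any other service port.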
