About Port Forwarding, Apache and Firewall Rules

[Servie Platon <servie_tech () yahoo com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi everyone,

I would like to host own personal family website at
home. I have a linksys firewall/router and have placed
the apache/postfix server on the DMZ port of linksys.
I have installed only the required services and
packages, compiled apache from source among other
stuffs. I need to further bastionize my machine with
this groups help.

Due to the limitation of my cable ISP, which blocks
ports 80 I could not make my personal website
available. The workaround is to configure port
forwarding on linksys and configure apache to listen
on a port other than 80. My family/home website works
fine but before I connect the cable, I need to ask you
firewall wizards and gurus out there.

My questions are the following:

1. Since I used the port forwarding feature on my
linksys and assigned a non standard port for httpd to
listen. Would this be a security problem for my
bastion host and private network considering apache
should always be listening on port 80 only?

2. If so, what configuration or firewall rules should
I put in place on my linksys router? I just configured
the router to do port forwarding only. I am uncertain
if there are other stuffs that I should consider on my
linksys to protect my other two computers at home?

3. What is the best or most ideal iptables rules for
my apache? I just need the functionality of  remote
access and administration. I know the best way for
this is via SSH. But what are the rules that will
allow me to enter and do system changes and at the
same time being as restrictive as possible?

4. And finally, what other security measures should I
enforce on my bastion host so that I can sleep better
at night?

Thanks in advance.

Sincerely,
Servie


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32) - WinPT 0.7.96rc1

iQIVAwUBQTCON3pcC4/WDayXAQK3GQ//e55UXGdHp+t4RyFOT5yAn4JkOwkFzSOe
fdMUvHhwtB5O4l/7o2MIR8V/mfp9j2freCb8zj9PsHo2KeO9ENUBvprg1nR3j/Sd
YbP47FMltFnQ9aS2NaPWIJ5nPWO7Byfdh1waxErEXGFRtM/SeuQjJPV0rkVHruO2
znz9rH1MU17fFcrKYAS92i5wUO/IGE6YfeTPxgbxHqEd78b3iXMql24EWEYMj7aF
9GYkkxeQnWPO3kifHsWC5OtA2CwqLMdPr9S8xRH9qrpkqeX0o/e7xUqn23xiG1/A
mHHrz9AdXjMRUTLf0cZifwelQDZxZwGlMbM5Yh+4aaCUKJ3+7q5fsnpgRv8rOzS2
QS5UL417iQ6N59CoOQw6IfFaFL1juufEOtycsxllffObsKn050HuRL9AYMwXL3FI
GBArPeN4otk1jb9PUQ7DiMDHBgURnTI4eQprlN4wjj/byavjzsVNC8qABRFnzyOS
wWq9dFVRwRVolkqgznQvcnEO91Dk3t3QKaZlvQKpKKy3866wXdnrog+YZ2Qwr6wD
tax9DqeX8vL9PIefn/X3trVh6oXh6i+riobLnxsGl3SIVSN4E5WcdYYcDP2CrSP0
eI5cKRvouDSt52w3E3Hf+NSEZRrRob6738iF8Sl/ZaALEPIvSfiT5g37A82IifJW
dE02WyaRD8E=
=sTAx
-----END PGP SIGNATURE-----



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards