Re: [Firestarter-user] Web server firewall setup

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Fri, 20 Jul 2007, Nikolaos Anagnostou wrote:

> What I would like to know is whether I need to change anything in the
> iptables configuration (ip ranges etc).
> I installed firestarter to make my
> life a bit easier, but then it occurred to me that setting up a second
> firewall behind the company's hardware firewall might be overkill. Or not?

It's overkill if you are thinking about outside threats, but of course 
there could be someone at the company that would try to access the machine 
falsly, in which case a firewall could be usefull.

> If a workstation in the LAN is compromised, is the internal web server
> vulnerable with the default iptables configuration?

Only if you have given that ip-address full access and you are running 
something that listens to "remote" connections, like a badly configured 
SMTP, if you don't have any extra services running, more than SSH and 
Apache, there won't be any extra risks.

> Also, what will happen to the HTTP and SSH ports when the firestarter wizard
> completes? Will these ports close? I would want to lock myself out of the
> server... :)

I never run the GUI directly on a machine where it will be running, I 
first configure it on my desktop machine, copy the scripts over to the 
server, that way I know it work at once as I wish, When I change settings 
I do usually edit the script files directly on the server.

-- 
      //Aho

  ------------------------------------------------------------------------
   E-Mail: tr...@in...            URL: http://www.kotiaho.net/~trizt/
      ICQ: 13696780
   System: Linux System                       (PPC7447/1000 AMD K7A/2000)
  ------------------------------------------------------------------------
             EU forbids you to send spam without my permission
  ------------------------------------------------------------------------