[Gllug] Secure mail access with Apache and MySQL running?

Doug Winter doug at pigeonhold.com
Thu Jan 9 13:47:26 UTC 2003


On Thu 09 Jan Garry Heaton wrote:
> This isn't a server. Just a home web development box. No mail "system".
> I've read that generally it's a good idea to run as few services as
> possible when connected to the internet so, without going into the
> details of securing a server, I generally close-down Apache and MySQL
> before connecting to the internet. However, I'd prefer to be able to
> remain connected while running Apache and MySQL, ie. only run the
> services locally on 192.168.1.2
> 
> I don't have a firewall/router. Only dial-up.

You *definitely* want to be using the built-in packet filtering
capabilities of your kernel.  No machine should be connected to the
internet without packet filtering in place, IMO.  It allows you to apply
whatever policies you have (which in a dial system are normally pretty
straightforward) without having to learn the intricacies of all the
processes you have running.

iptables is the standard for 2.4 kernels, but it is unfortunately
difficult to configure and IMO is non-intuitive compared to Darren
Reed's ipf and OpenBSD's pf.

There are some tools to make it easier - fwbuilder is a GUI that I've
heard is worth a try:

    http://www.fwbuilder.org/

Hopefully some of the others on this list will have some helpful
suggestions on where to start.

Cheers,

Doug.

-- 
Ceçi n'est pas une cuillère
key 1024D/6973E2CF print 2C95 66AD 1596 37D2 41FC 609F 76C0 A4EC 6973 E2CF
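
A minimal default-drop inbound policy of the kind recommended above, as an added example that is not part of the original post: it prints an `iptables-restore` ruleset and includes a small check that no rule admits new inbound connections. The interface name `ppp0` and the function names `gen_rules` and `inbound_closed` are assumptions.

```shell
#!/bin/sh
# Added example: default-drop inbound policy for a dial-up workstation.
# Assumption: ppp0 is the modem interface and nothing should be reachable
# from the internet. Apply as root with: gen_rules ppp0 | iptables-restore

gen_rules() {
    wan_if="${1:-ppp0}"
    # Refuse names that could smuggle extra options into a rule line.
    case "$wan_if" in
        ""|*[!A-Za-z0-9_.+-]*) echo "bad interface: $wan_if" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Local clients reach Apache/MySQL over loopback; this also covers the
# machine connecting to its own 192.168.1.2 address.
-A INPUT -i lo -j ACCEPT
# Replies to connections this machine opened itself.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Log a rate-limited sample of what the DROP policy is about to discard.
-A INPUT -i $wan_if -m limit --limit 6/min -j LOG --log-prefix "ppp-drop: "
COMMIT
EOF
}

# Succeeds only if the ruleset on stdin drops inbound traffic by default and
# its only INPUT ACCEPT rules are the loopback and established-state ones.
inbound_closed() {
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP' || return 1
    if printf '%s\n' "$rules" | grep -- '^-A INPUT .*-j ACCEPT' \
        | grep -v -- '^-A INPUT -i lo -j ACCEPT$' \
        | grep -v -- '--state ESTABLISHED,RELATED -j ACCEPT$' | grep -q .; then
        return 1
    fi
    return 0
}

# Run directly, the script just prints the ruleset for review.
gen_rules "${1:-ppp0}"
```

With this policy Apache and MySQL can stay running while connected: they remain usable from the machine itself, and connection attempts arriving over the modem link are dropped.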