[ale] web server network

Greg runman at telocity.com
Wed Feb 13 20:59:30 EST 2002


That's way more than you really need to host a couple pages !! :-)  I would
suggest checking out a firewall called Smoothwall or the more GPL'd-kinda
fork, called IPCop (on SourceForge).  It runs on anything (I am running it
on a 75 MHz Pentium with 32 MB of RAM and an 812 MB HD and before that I
used a 486).  It will provide you with a secure private network and a pretty
secure public network (DMZ).  You might want to put your router in as a
bastion firewall or chokepoint firewall or just keep it... it's really up to
you.  OpenBSD using pf or Linux running iptables does a good job too.  I
would suggest that your firewall be only for firewalling (like an appliance)
and that anything that could help a cracker be removed (vi, nmap, etc.).  It
is one thing to have it turned off and another to have it removed.
Smoothwall/IPCop will also provide NAT, DHCP, proxying and other stuff for
your private network. It is web configurable, provides logging, and usage
tables.  If you move on to running scripts/perl mod/PHP/Java/Movable
Type/whatever, then the 500 MHz box would come in handy.  I would only
suggest a strong anti-viral program (on all machines), a backup plan, and
looking at the logs on a schedule to know what's going on.  For security, it
all comes down to judgment - you have to decide on how much security you
want versus what it takes to get it.

I would use Apache and add the features that you need / want to use. I think
that OpenBSD is more secure than Linux, but also a bit more user-unfriendly,
but then again I don't install any GUI stuff on my servers and I am a
paranoid type, so those are just my preferences.

I am assuming that you have a static IP (or you could use something like
dyns.cs or dyndns.org or noip.com or whatever) and are going to get a domain
name registered.

At any rate, good luck

Greg Canter

> -----Original Message-----
> From: Stephen Turner [mailto:artic_knight at yahoo.com]
> Sent: Wednesday, February 13, 2002 7:07 PM
> To: ale at ale.org
> Subject: [ale] web server network
>
>
> ok I'm a NOOBIE at setting up networks so let me get
> that out in the beginning :) anyways, before I screw
> something up, pay too much, or generally make a
> mistake I could have avoided I wanted to ask you guys
> first. I'm hosting my own web page (nothing that will
> draw a crowd) off my own server off a cable modem
> within a current household LAN. this LAN is required to
> stay up due to internet classes. I may or may not need
> a separate hardware firewall, that's one purpose of
> writing this message, the router is a Linksys
> DSL/cable router with 4 port switch and currently
> supplies an internet connection for 4 PCs. I am about to
> add the webserver to the list, it will be a 500 MHz
> 256 SDRAM PC, is this suffice? it will host anywhere
> from 1 to 4 web pages online. (this isn't one of my
> experiments) so what is the most stable, reliable,
> lightweight http server I can use? I understand there
> isn't a best but more like best for me so I ask for
> your input, I should limit the accessibility to the
> server to only physical access to change anything on
> it, I know this for sure, should I do this on the
> server? or add a separate firewall? if I add this
> firewall should it be placed before the router? or
> after the router only limiting access to the server?
> also if I do add a separate firewall, what's a cheap,
> tiny, good firewall product? aka, a certain desktop
> PC, laptop, small box designed for it, whatever? I am
> wondering what you gurus would suggest by personal
> opinion? the only drawback is the PCs run random
> software which can change at the drop of a hat and I
> would never know, so limiting access to specific ports
> may not be good for all the household PCs. video games,
> internet chat programs etc. anyways what's everyone's input?
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info.
> Problems should be
> sent to listmaster at ale dot org.
>
>
>
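
The private network / DMZ split recommended in the reply, written out for a Linux firewall running iptables; this is an added example, not part of either message and not Smoothwall's or IPCop's own configuration. Assumptions: three interfaces (WAN, DMZ, LAN), the interface names and DMZ address shown in the usage comment, SSH administration from the LAN only, and unrestricted outbound traffic for the LAN because the household PCs run software that changes without notice.

```shell
#!/bin/sh
# gen_rules WAN_IF DMZ_IF LAN_IF WEB_IP
# Prints an iptables-restore ruleset; it changes nothing until the output is
# fed to iptables-restore as root. All names and addresses are caller-supplied.
gen_rules() {
    wan=$1 dmz=$2 lan=$3 web=$4
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Only the web server is published: WAN tcp/80 is forwarded to the DMZ host
-A PREROUTING -i $wan -p tcp --dport 80 -j DNAT --to-destination $web:80
# Everything leaving through the WAN interface shares the one public address
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The firewall is an appliance: administer it from the private LAN only
-A INPUT -i $lan -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN PCs run unpredictable software, so their outbound traffic is not filtered
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $lan -o $dmz -j ACCEPT
# Internet to DMZ: the web server on port 80, nothing else
-A FORWARD -i $wan -o $dmz -d $web -p tcp --dport 80 -j ACCEPT
# DMZ may reach DNS and package mirrors; no rule lets it open connections to the LAN
-A FORWARD -i $dmz -o $wan -p udp --dport 53 -j ACCEPT
-A FORWARD -i $dmz -o $wan -p tcp -m multiport --dports 53,80,443 -j ACCEPT
# Log whatever falls through to the DROP policy for the scheduled log review
-A FORWARD -j LOG --log-prefix "fw-drop: "
COMMIT
EOF
}
# Usage (constructed values): gen_rules eth0 eth1 eth2 192.168.2.10 > fw.rules
```

Because the FORWARD policy is DROP and no rule accepts traffic entering on the DMZ interface and leaving on the LAN interface, a compromised web server cannot start connections to the household PCs.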