From: RW
To: freebsd-questions@freebsd.org
Date: Thu, 20 Jan 2005 00:09:00 +0000
Subject: Re: Security for webserver behind router?
Message-Id: <200501200009.01258.list-freebsd-2004@morbius.sent.com>
In-Reply-To: <41EE0A7B.0@att.net>

On Wednesday 19 January 2005 07:21, Jay O'Brien wrote:
> I've brought up a 5.3 Release machine as a learning tool,
> with apache 1.3. It is on a LAN with Windows machines, and
> port 80 (and only port 80) is open and directed by the
> Linksys router to the FreeBSD machine. It is working fine so
> far, but my learning curve is slower than I would like.
>
> I know that there's lots to learn and do later about
> security, when I bypass the Router and use the FreeBSD box
> as the NAT device, but for now I would like to confine my
> learning to Apache, with only port 80 open. I do have ftp
> and ssh enabled on the LAN for access by the Windows boxes.
>
> As I haven't done anything for security on the FreeBSD
> machine, am I exposed to anything by having port 80 open? Is
> there anything I should do now?

It's in the nature of any webserver software that it provides rich pickings
for hackers. If it's a learning tool, don't expose apache to the internet;
you can test it perfectly well from your local network. If you want to access
it from a remote location, then set up your FreeBSD firewall to allow access
from a limited range of IP addresses.
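
One way to apply the firewall advice above, as an added example that is not part of the original message: an ipfw rules file that keeps the LAN services working and accepts port 80 from outside only from one address range. The LAN range 192.168.1.0/24, the remote range 203.0.113.0/24 (a documentation placeholder), and the file name are assumptions, as is the router forwarding port 80 without rewriting the source address.

```conf
# /etc/ipfw.rules (assumed file name), loaded at boot with these
# lines in /etc/rc.conf:
#   firewall_enable="YES"
#   firewall_type="/etc/ipfw.rules"

# Loopback traffic is always allowed; spoofed loopback addresses are not.
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any

# Let replies through for connections already tracked by keep-state.
add 400 check-state

# Connections started by this host (updates, DNS, ping).
add 500 allow tcp from me to any setup keep-state
add 510 allow udp from me to any keep-state
add 520 allow icmp from me to any keep-state

# LAN machines (assumed 192.168.1.0/24) keep full access,
# which covers the ftp, ssh and http use described in the question.
add 600 allow ip from 192.168.1.0/24 to me keep-state

# Remote access to the web server only from one trusted range.
# 203.0.113.0/24 is a placeholder; substitute the real remote range.
add 700 allow tcp from 203.0.113.0/24 to me 80 setup keep-state

# Everything else, including port 80 from other internet hosts, is dropped.
add 65000 deny ip from any to any
```

Load a new ruleset from the console rather than over ssh, since a mistake in the LAN rule cuts off remote logins.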