From owner-freebsd-questions@FreeBSD.ORG  Thu Jan 20 02:49:00 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5FEA616A4CE
	for <questions@freebsd.org>; Thu, 20 Jan 2005 02:49:00 +0000 (GMT)
Received: from mtiwmhc13.worldnet.att.net (mtiwmhc13.worldnet.att.net
	[204.127.131.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CC6B443D5C
	for <questions@freebsd.org>; Thu, 20 Jan 2005 02:48:52 +0000 (GMT)
	(envelope-from jayobrien@worldnet.att.net)
Received: from [192.168.1.6]
	(dsl093-180-184.sac1.dsl.speakeasy.net[66.93.180.184])
	by worldnet.att.net (mtiwmhc13) with ESMTP
	id <2005012002484911300o3091e>          (Authid: jayobrien@att.net);
	Thu, 20 Jan 2005 02:48:49 +0000
Message-ID: <41EF1C10.2090106@att.net>
Date: Wed, 19 Jan 2005 18:48:48 -0800
From: Jay O'Brien <jayobrien@att.net>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
	rv:1.7.2) Gecko/20040803
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: FreeBSD - questions <questions@freebsd.org>
References: <41EE0A7B.0@att.net>
	<200501200009.01258.list-freebsd-2004@morbius.sent.com>
In-Reply-To: <200501200009.01258.list-freebsd-2004@morbius.sent.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: Re: Security for webserver behind router?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Jan 2005 02:49:00 -0000

RW wrote:

> On Wednesday 19 January 2005 07:21, Jay O'Brien wrote:
> 
>>I've brought up a 5.3 Release machine as a learning tool,
>>with apache 1.3. It is on a LAN with Windows machines, and
>>port 80 (and only port 80) is open and directed by the
>>Linksys router to the FreeBSD machine. It is working fine so
>>far, but my learning curve is slower than I would like.
>>
>>I know that there's lots to learn and do later about
>>security, when I bypass the Router and use the FreeBSD box
>>as the NAT device, but for now I would like to confine my
>>learning to Apache, with only port 80 open. I do have ftp
>>and ssh enabled on the LAN for access by the Windows boxes.
>>
>>As I haven't done anything for security on the FreeBSD
>>machine, am I exposed to anything by having port 80 open? Is
>>there anything I should do now?
> 
> 
> It's in the nature of any webserver software that it provides rich picking for 
> hackers.
> 
> If it's a learning tool, don't expose apache to the internet, you can test it 
> perfectly well from your local network. If you want to access it from a 
> remote location, then setup your FreeBSD firewall to allow access from a 
> limited range of ip addresses.
> 

Thanks, but what I want to know is what risk I have with port 80, 
and only port 80 open. 

Jay