Welcome to WebmasterWorld Guest from 184.108.40.206
Forum Moderators: bakedjake
i'm working on linux-apache-php-mysql combination and i'm new to this combination. i installed everything on my box. i would like to make my system( part of intranet having its own static ip address) web server for the web site i'm developing. i can view pages on my server system using http*//aaaaa.bb.ccc.ddd(localdomain.localhost)/ee.html. the problem is that i can not access my server from a remote system using the static ip address of my server. what would be the right approach for my problem?
[edited by: engine at 9:50 am (utc) on Jan. 24, 2003]
[edit reason] de-linked [/edit]
You may like to review other related threads on this forum, like Apache works locally (on LAN) but not remotely (Internet) [webmasterworld.com] or viewing pages on a local apache [webmasterworld.com].
I came to know that Linux default network configuration denies any request from a remote system.so, I could get web pages from my server if i run "service ipchains stop" which removes default firewall settings making my server accessible from a remote system but making it vulnerable by removing firewall settings. what should i do to make it secure. will installing secure web server( mad_ssl+openssl) work for me in that case?
What you need to do is to configure ipchains to allow traffic through the port 80, the default for a web server. What a firewall really does is blocking traffic through ports you know are not needed for normal operation, i.e. all except the one you explicitely need.
is there anyway that i can assure that the server is as secure as any other server on the internet
If you only open up port 80 (tcp) on the server, then the other services on the server will still be inaccessible. With computers on the internet, you want as few as possible services accessible to the outside world.
Testing strategies could include running a port scanner on the whole server using both TCP and UDP protocols - this should be run from a remote machine. nmap is quite a useful tool for this. There are further tools available such as Nessus, which is a security auditing tool. These will actually probe your open services for any known vulnerability and report back to you. Again, this is best run remotely so you can know exactly what a potential hacker can see.
Another route to go down would be monitoring, in conjunction with testing. Install something like logcheck to automatically email you your system logs containing any suspect behaviour. Run tripwire nightly. Run chkrootkit nightly. Look at the reports these utilities provide you with!
And of course, take backups, just in case the unthinkable happens. :)