<step 1>
Yes, this is fine. For servers, you want to use a fixed IP address and not one assigned automatically by DHCP. If you run your own DHCP server for the LAN, you can configure it to supply some things dynamically and the IP address from an entry in the configuration.
<step 2>
Quote:
Go into the router and set up PORT FORWARDING to the LINUX Server, for the following ports: 22, 23, 25, 53, 80, 443, 8080
|
Port 22 is for ssh. Make sure to disallow root logins, add allowed users to "allow users", and only use the ssh-2 protocol.
Port 23 is for telnet. Close this port and uninstall the service if it exists.
Quote:
Is there a command I can run to see what PORTS are open on my server right now, before I disconnect from the ISP?
|
You should configure the server and the firewall and router before connecting to the internet. The router config should contain the IP supplied values. Anyway, you already recorded this information. You can use the "nmap" program from another host to check which ports are open. You can go to the grc.com website to see which ports are open at the router.
<step 3>
Which distro are you running?
Most distros have a GUI networking -> network devices configuration tool to enter the IP, mask, gateway, nameserver address, etc. On SuSE, this info is stored in /etc/sysconfig/network/ifcfg-eth0 for the eth0 device. So another thing to do is simply to edit this file. On SuSE and other distros the skeleton ifcfg- file is well commented.
Ideally, a DNS server inside the LAN should just reference hosts inside the LAN. A DNS server referencing internet domains should be located outside the LAN, or use the ISP's DNS servers. If a DMZ DNS server itself needs an address in the LAN, that should be in /etc/hosts instead. Then it won't serve up that address as a result of a search.
This is a topic of the book "Firewalls and Internet Security"
http://www.wilyhacker.com/1e/
An internet Web server should be in the DMZ. It is even possible to place the server inside the edge router and use a NAT router for the LAN. There was a PDF article on this on the GRC.com Security Now website.
If it is connected to both the internet and the LAN, use two interfaces and have a tighter firewall setup on the outside zone.
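
The three sshd settings named in the reply above (no root login, an allowed-users list, protocol 2 only) can be checked against a config file before the server goes online. This is an added example, not part of the original post: the sample configs are constructed, the function names are hypothetical, and it reads only the whitespace-separated `Keyword value` form.

```python
# Added example: audit sshd_config text; both sample configs are constructed.
WEAK = """\
Port 22
Protocol 2,1
PermitRootLogin yes
"""
GLOBAL_OK_BUT_MATCH = """\
Protocol 2
permitrootlogin no
AllowUsers alice bob
Match Address 192.168.1.0/24
    PermitRootLogin yes
"""

def parse(text):
    """Split config into global settings and (condition, key, value) Match entries."""
    # Keywords are case-insensitive; sshd keeps the first value seen for a keyword.
    glob, matched, cond = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, val = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":
            cond = val  # everything until the next Match line is conditional
        elif cond is None:
            glob.setdefault(key, val)
        else:
            matched.append((cond, key, val))
    return glob, matched

def audit(text):
    """Return a list of findings; an empty list means all checks pass."""
    glob, matched = parse(text)
    findings = []
    if glob.get("permitrootlogin", "").lower() != "no":
        findings.append("PermitRootLogin is not explicitly 'no'")
    if "allowusers" not in glob:
        findings.append("no AllowUsers list")
    # An absent Protocol line is accepted: newer OpenSSH only speaks protocol 2.
    if "1" in glob.get("protocol", "2").replace(",", " ").split():
        findings.append("Protocol line still permits SSH-1")
    for cond, key, val in matched:
        if key == "permitrootlogin" and val.lower() != "no":
            findings.append(f"Match {cond}: root login re-enabled ({val})")
    return findings
```

Calling `audit(open("/etc/ssh/sshd_config").read())` on the server prints nothing by itself; an empty returned list means the global section and every Match block agree with the advice above.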