Old 03-09-2010, 03:47 AM   #16
Senior Member
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279


Not really.
You have to educate them about the way the internet works and about how apache works.
It's not Windows. The world will only be able to access your machine, if they forward port 80 to your internal ip.
You don't have access to other people's machines in the building do you?
Old 03-09-2010, 07:50 AM   #17
LQ Veteran
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Originally Posted by ash_zz_00
The building owner is trying to help with port forwarding, but has security concerns that someone could reach my computer through the forwarded port and now has access to the private network and wreak havoc.

Are there ways to minimize it?
E.g. Is it possible for port forwarding to limit it to one or two external IP addresses? That is, if I know that I will be accessing from one or two external machines, and if the router only forwards requests from these known IP addresses, it might be an acceptable compromise.


Actually your building owner is showing some intelligence. Unfortunately, they are also focusing on the lesser threats.

It is true that by forwarding a port to your Apache server, you are open to exploits and, if successful, the building's network is at risk. Your level of vulnerability is going to depend on things like the kind of applications you are serving (PHP apps require a higher degree of vigilance than plain HTML), the degree to which you keep your system patched and the degree to which you monitor your system. So things you can do are:

  • Run extra security measures like mod_security
  • Make sure PHP is locked down tight, or don't run PHP services at all
  • Run a monitoring system like Aide or Samhain or an IDS like Snort
  • Have a patch/update plan that you actually follow
  • Run apache in a virtual machine or chroot jail

What your owner is missing is that normal web browsing using Internet Exploder is probably a much greater threat to the integrity of the building's network than your Apache server ever could be. Most of the more common threats (trojans, viruses, warez, etc.) don't require a port to be forwarded in order for the compromised machine to wreak havoc and don't require a forwarded port in order to initiate the zombification of the machines.

As far as locking down access to a few trusted IP addresses, that certainly can be done very easily on your server using hosts.allow/hosts.deny or iptables. The building router might be capable of it, but that is probably dependent on the router's firmware.

Last edited by Hangdog42; 03-09-2010 at 07:53 AM.
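
The iptables option mentioned at the end of the post above, as an added example that is not part of the original thread: a script that validates an allowlist and prints the rules restricting the web port to those sources. The chain name `HTTP_ALLOW` and the addresses are constructed placeholders, and it assumes the building router forwards port 80 without rewriting the client's source address.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that admit TCP/80 only from
# an allowlist. Addresses are constructed RFC 5737 documentation values.
TRUSTED_IPS="203.0.113.10 198.51.100.25"   # assumption: your two remote machines
HTTP_PORT=80

# valid_ipv4 ADDR: succeed only for a dotted quad, octets 0..255, no leading zeros
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_rules "IP IP ...": validate every address first, then emit the rule set.
# Runs in a subshell so "set -f" (no globbing of the input) does not leak out.
build_rules() (
    set -f
    set -- $1
    [ "$#" -gt 0 ] || { echo "empty allowlist, refusing to emit rules" >&2; exit 1; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; exit 1; }
    done
    echo "iptables -N HTTP_ALLOW"
    for ip in "$@"; do
        echo "iptables -A HTTP_ALLOW -s $ip/32 -j ACCEPT"
    done
    # Rate-limited log of rejected sources, then drop everything else.
    echo "iptables -A HTTP_ALLOW -m limit --limit 6/min -j LOG --log-prefix \"http-denied: \""
    echo "iptables -A HTTP_ALLOW -j DROP"
    # Send all inbound traffic for the web port through the allowlist chain.
    echo "iptables -I INPUT -p tcp --dport $HTTP_PORT -j HTTP_ALLOW"
)

build_rules "$TRUSTED_IPS"
```

Review the printed rules, then run them as root on the Apache machine; the LOG rule leaves a record of sources that were turned away, which feeds the monitoring the post recommends.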


All times are GMT -5.