Jeffrey Tadlock: >> You may not want to run a webserver on your firewall from a security >> standpoint, but that aside... Timothy Murphy: > Is it safer to run shorewall on another computer behind the firewall? Shorewall is what configures your firewall, it's done on the same computer. > I'd be interested in any information - eg pointers to documentation - > on making a home web-server secure (or more secure, at least). The basic advice is to run something separate as a firewall between the WWW and you. If you wanted to be really safe, and run a public web server, then you'd run the web server on a separate box, too. It goes without saying that the web server must be isolated from your LAN, for that to be of any benefit. You route connections through your firewall to it, and allow it to respond back out again. But you don't allow it access to any other part of your network. That way, if someone exploits your firewall (if possible), all they do is muck up the firewall. Likewise, if someone exploits the web server, all they do is muck it up. They're not able to muck up your other terminals and servers, because they don't connect to them. -- Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
