RE: Firewall setup

On the other hand, you may want to secure things a little bit more.  Make
yourself an ultra-locked-down firewall (like a Linux firewall doing nothing
but IP masquerade - very nice) that disallows all incoming packets from its
routable IP, except for those destined for port 80.  Forward every
connection destined for port 80 on your firewall to port 80 on your web
server, which would be located inside the firewall along with your database
server.

Voila!  You have yourself an ultra-secure site, as long as you properly lock
down your firewall (turn off telnet, ftp, etc.).

If you need to access any other services from the outside, you can usually
just forward the correct ports - unless you're doing FTP or some other crAZy
protocol.

Neil

-----Original Message-----

Very simple, you only allow packets destined for the machine with
the db server at the dbserver port _across_ the firewall (from the
outside) that originated from the web server's IP address.


--
Close your eyes.  Now forget what you see.  What do you feel? --
My heart. --  Come here. --  Your heart. --  See?  We're exactly the same.

    Jon Smith -- Senior Math Major @ Purdue

On Tue, 4 Jul 2000, Derek Del Conte wrote:

> Hi,
>
>     I have a PHP4 + PostgreSQL site that I have been working on for
several
> weeks now.  We're getting ready to put up the production site very
shortly.
> I would like to keep the database separate from the web server.
PostgreSQL
> should be located behind the firewall and the web server outside.  How do
I
> work that with the firewall?  If I open up the database port does that
mean
> I put my database at risk?  Any ideas?
>
>
> Derek Del Conte - derek@gambitdesign.com
>
> gambitdesign.com provides all of your networking needs.
>
>