Joined
·
6,584 Posts
Okay, I'm not a big networking person. I know the basics, and then some, but that's it. I could use someone who knows their networking, and has a few minutes to read this.
Here's my question. I want to make a PC accessible to the internet as a server. This server will be used by a few people only, so while I know you can't run a real website on a home connection, it won't matter in this case. It will probably be idle about 99%of the time.
I have a few questions.
1. What should I look at as far as security? It's running Ubuntu 8.04 LTS Server Edition (no GUI), with the latest updates. MySQL, PHP, and Apache are, as of right now, updated. It's got a software firewall (Shorewall). I know Ubuntu is decently safe by default, but other than telling PHP and MySQL not to disclose the server signature, is there any other "basic" or "common" steps besides the obvious of backing it up and being prepared for the possibility? How often should I check for updates to Apache, MySQL, and PHP, and can you download and update them automatically via a command like I did when I installed them? I use SFTP for transfers, which I hear is much safer than standard FTP. I'm also learning the basics of my way around command line Linux, and it's pretty interesting.
2. Here's the actual networking situation. Right now, our internet connection comes in through the modem/router (they're both combined into one box). The modem/router splits it up into a few connections, and one of them is my PC obviously. DMZ Plus is enabled for my PC, so for anyone who doesn't know, this basically means my PC is outside the modem/router's hardware firewall (DMZ = demilitarized zone?), and it routes all incoming traffic on our IP address to my PC specifically, or something like that.
Now, here is the thing. It's not my PC the server is/is set up on (it's my old Dell Dimension 4100). The PC is set up "behind" mine on the network. My motherboard has two ethernet connections, so basically, I have my internet connection incoming on one, and the other is connected directly to the Ubuntu box. Here's a simple image diagram I threw together in Paint to explain it.
As I said, right now, all incoming traffic is routed by default to my PC since it's set as DMZ Plus enabled. What I want to happen is for my PC to pass that incoming stuff along to the server that's behind it as though it were the default DMZ Plus enabled. For reference, the PC behind mine (the server) can access the internet fine (I tried it with Windows, and Ubuntu was obviously able to connect and get it's updates), so it is connected right with access. I just need to get it to be the default destination for the IP address. I figure I can't do this via the modem/router since the PC I want to direct the traffic to isn't directly connected to it or on that network, but rather on it's own network with my PC, so I assume I'd have to do something on my PC to get it to pass that data along.
So, long long story short, is it possible to do this way? Is it something I can do via Windows 7's networking, or is there software I can install and set up to control this?
I'm aware it's probably possible to hook the server up to the modem/router and have it set to DMZ plus, which would also maybe be safer for my PC as it'd then disable it on mine and put it back under the modem/router's firewall, but that'd be another wire to run across the house, and I'm pretty sure all of the connections on our modem/router are in use anyway.
I know this isn't a simple question anyone can answer, so I'm specifically asking for people who know their networking here.
Here's my question. I want to make a PC accessible to the internet as a server. This server will be used by a few people only, so while I know you can't run a real website on a home connection, it won't matter in this case. It will probably be idle about 99%of the time.
I have a few questions.
1. What should I look at as far as security? It's running Ubuntu 8.04 LTS Server Edition (no GUI), with the latest updates. MySQL, PHP, and Apache are, as of right now, updated. It's got a software firewall (Shorewall). I know Ubuntu is decently safe by default, but other than telling PHP and MySQL not to disclose the server signature, is there any other "basic" or "common" steps besides the obvious of backing it up and being prepared for the possibility? How often should I check for updates to Apache, MySQL, and PHP, and can you download and update them automatically via a command like I did when I installed them? I use SFTP for transfers, which I hear is much safer than standard FTP. I'm also learning the basics of my way around command line Linux, and it's pretty interesting.
2. Here's the actual networking situation. Right now, our internet connection comes in through the modem/router (they're both combined into one box). The modem/router splits it up into a few connections, and one of them is my PC obviously. DMZ Plus is enabled for my PC, so for anyone who doesn't know, this basically means my PC is outside the modem/router's hardware firewall (DMZ = demilitarized zone?), and it routes all incoming traffic on our IP address to my PC specifically, or something like that.
Now, here is the thing. It's not my PC the server is/is set up on (it's my old Dell Dimension 4100). The PC is set up "behind" mine on the network. My motherboard has two ethernet connections, so basically, I have my internet connection incoming on one, and the other is connected directly to the Ubuntu box. Here's a simple image diagram I threw together in Paint to explain it.

As I said, right now, all incoming traffic is routed by default to my PC since it's set as DMZ Plus enabled. What I want to happen is for my PC to pass that incoming stuff along to the server that's behind it as though it were the default DMZ Plus enabled. For reference, the PC behind mine (the server) can access the internet fine (I tried it with Windows, and Ubuntu was obviously able to connect and get it's updates), so it is connected right with access. I just need to get it to be the default destination for the IP address. I figure I can't do this via the modem/router since the PC I want to direct the traffic to isn't directly connected to it or on that network, but rather on it's own network with my PC, so I assume I'd have to do something on my PC to get it to pass that data along.
So, long long story short, is it possible to do this way? Is it something I can do via Windows 7's networking, or is there software I can install and set up to control this?
I'm aware it's probably possible to hook the server up to the modem/router and have it set to DMZ plus, which would also maybe be safer for my PC as it'd then disable it on mine and put it back under the modem/router's firewall, but that'd be another wire to run across the house, and I'm pretty sure all of the connections on our modem/router are in use anyway.
I know this isn't a simple question anyone can answer, so I'm specifically asking for people who know their networking here.