Date: Tue, 28 Aug 2001 17:08:46 -0400
From: Mark Woodson
To: freebsd-questions@freebsd.org
Subject: Re: helping in securing box
Message-Id: <5.1.0.14.0.20010828170609.034f0ec8@192.168.99.2>
In-Reply-To: <200108282015.f7SKFOV21254@lucy.tbscom.com>

At 04:15 PM 8/28/2001 -0400, you wrote:
>I have some questions in helping to secure two FreeBSD servers I
>have. I am very new still to server administration and would be quite
>open to any tutorials that you can suggest. But anyway here is what I
>think I want to do.
>
>I have one server that pretty much runs just apache/php/sendmail and
>another that runs mysql. On the database server I would like to refuse
>all requests for anything that does not come from its subnet. I thought
>there was a way to do this using /etc/hosts.deny but there doesn't seem to
>be that file on FreeBSD. Even if there was I don't really know how to deny
>everything but a small set of IPs.
>I would also only like to allow the database server to send admin emails
>out and not allow anything else to be sent or received, is there a way
>to do this? The web server I feel can be a lot more open, but does anyone
>have some suggestions to help keep this from possible intrusions?

The best way to do this I think is to set up a firewall on both boxes. Then
you can easily restrict traffic based on IP/protocol/etc. It's fairly
painless. Of course you'd ideally want a firewall at your gateway to
further secure your network and restrict traffic.

-Mark
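
A sketch of the per-host firewall the reply recommends, written for the database server described in the question. This is an added example, not part of the original message. It assumes ipfw as the firewall, MySQL on port 3306, SSH on port 22 for administration, and the constructed subnet 192.0.2.0/24; the script only prints the rules so they can be reviewed first.

```shell
#!/bin/sh
# Added example: print (dry run) an ipfw ruleset for the database host.
# 192.0.2.0/24 is a constructed placeholder; ports 3306 and 22 are assumptions.

valid_cidr() {   # accept only a.b.c.d/len with octets 0-255 and len 0-32
    case "$1" in ''|*[!0-9./]*|.*|*..*|*./*) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    [ "$addr" != "$1" ] || return 1            # no "/" present
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

db_ruleset() {   # $1 = trusted subnet in CIDR form
    # The subnet is interpolated into commands, so reject anything unexpected.
    valid_cidr "$1" || { echo "bad subnet: $1" >&2; return 1; }
    cat <<EOF
ipfw -q -f flush
# loopback traffic only on lo0
ipfw add 100 allow ip from any to any via lo0
ipfw add 200 deny ip from any to 127.0.0.0/8
# replies to connections allowed by the keep-state rules below
ipfw add 300 check-state
# inbound: database and admin access from the trusted subnet only
ipfw add 400 allow tcp from $1 to me 3306 setup keep-state
ipfw add 500 allow tcp from $1 to me 22 setup keep-state
# outbound: admin mail (SMTP) and the DNS lookups it needs; no inbound mail
ipfw add 600 allow tcp from me to any 25 setup keep-state
ipfw add 700 allow udp from me to any 53 keep-state
# everything else is refused and logged
ipfw add 65000 deny log ip from any to any
EOF
}

db_ruleset 192.0.2.0/24
```

Review the printed rules, then apply them from the console rather than over SSH, since the flush removes the existing rules before the new ones are loaded.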