Member Avatar for spikes

Hi All,
Is it posable to use apache as a web forwarder? what i want to do is have a linux box in the dmz that will relay mail and web requests in to the LAN mail to the exchange and web on to a box with apache.

if this is posable will this be a good security model? if someone trys to exploite the web forwarder in the dmz the request will 'not' be passed to the web server in the LAN?

its just that the webserver is running off the back of my file server, which for obvious reasons i do not want exposed in the dmz.

any advice will be great

many thanks

spikes

  • 4 Contributors
  • 7 Replies
  • 227 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by spikes
Member Avatar for TKSS

Hi All,
Is it posable to use apache as a web forwarder? what i want to do is have a linux box in the dmz that will relay mail and web requests in to the LAN mail to the exchange and web on to a box with apache.

Clarify this statement a bit? I'm not sure what you're asking.:-|

Member Avatar for i686-linux

Do you mean:

dmzbox -mail-> internal Exchange server
dmzbox -website-> web server

commented: A system admin that know's his stuff :) power to the people! +2
Member Avatar for alc6379

I wouldn't even bother with such a setup.

If you keep your box up-to-date with the latest versions of your MTA (mail transport agent) and apache, that will give you an edge. Also, you should read a tutorial on securing a webserver, like setting up permissions and configuring the server itself.

Apache is designed to work on the Internet, and it's also designed to be pretty secure. There's no reason why you couldn't have a fileserver/webserver box on the internet, "exposed" so to speak, and not have any problems. I'd look into setting up firewall rules, permissions, and closing any unneeded open ports that are facing the Internet side of the server. That should help.

Member Avatar for spikes

sorry for the confusion,
what i am looking at doing is having one machine in the DMZ of my network that will pass on any port 25 traffic and any port 80 traffic to two seperate machines inside the LAN.

basicly i have the machine in the DMZ doing mail scanning for me then it relays everything that passes the tests to an exchange server in the LAN. what i am hopeing to add to this is a port 80 forwarder, the main reason being that the web server is also my main file store so i would like to keep it away from the outside world as much as possible.

with that said, i was hoping that if i had the forwarder in the DMZ then any attacks would be aimed at it instead of my file/web server.

any thourghts?

spikes

Member Avatar for i686-linux

This sounds to me like simple port forwarding?

check out http://netfilter.org for ipchains/iptables depending on your kernel

Member Avatar for alc6379

Definitely, that setup is a good idea. If you do other things on those boxes, port forwarding is a good idea.

Do you currently have a broadband router? It will most likely do port forwarding. Otherwise, here are some HOWTOs to give you some ideas:

IP Masquerade on Linux
ipnat under FreeBSD
IPNAT under NetBSD

If you have a broadband router, it's pretty easy to do port forwarding. If you have an old box sitting around, throw a pair of NICs into it, and build a router yourself. Personally, I like using the BSDs. I'm a fan of Free and NetBSD, as their NAT setups are pretty straightforward to configure, especially given that their online docs are pretty easy to follow.

Member Avatar for spikes

yea sounds like i'm on for the port forward. at the moment everything is sitting behind a smoothwall so i can forward from there. i guess what i was looking in to was 'can you use apache in a front-end / back-end set up?' but i think the port forward may be the most strait forward idea.

cheers for the help,

spikes

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.