M
M
Magi2015-05-02 22:46:56
FreeBSD
Magi, 2015-05-02 22:46:56

Do I need a firewall on my home web server behind a router?

There is FreeBSD 10.1, nginx, php 5.6, mysql 5.6, then there will be a mail server, joomla 3.4 Behind the Sagem router in which 22, 80, 110, 25, 443 are open Is it worth configuring ipfw on the server itself in this case?

Answer the question

In order to leave comments, you need to log in

3 answer(s)
M
Magi, 2015-05-03
@Magi

Added
$cmd allow udp from any to me 53 in via $pif
$cmd allow udp from any 53 to me in via $pif
and it worked!

D
Dmitry Filimonov, 2015-05-03
@DmitryPhilimonov

Not in your particular case.
The left ports do not shine out, there are no routing / nata tasks, limiting anything (syn, tcp-sessions, etc) also does not make sense, because in any attack, your router / channel will die first (s), you are not going to collect the stat.
If you want to experiment in the future, networks inside the server or external ones (for example, VPN) are expected, then you can configure "for the future". You can take some basic rules somewhere to build on.
p.s. I would tweak to better explore networks in general. You can connect your server directly to the Internet, and the router is already on a different network connection (even better - raise vlanes on the router to skip the Internet, if it can do this, the topology will be more interesting). Then, firstly, you will have a sense in the firewall, and secondly, you will be able to take on its responsibilities for natu. Raise virtualization inside the server (separately for the database, for the site, a couple of nginx to proxy the request, DNS also so that the zone is local for virtual machines) so that additional networks appear, then you can even do some kind of routing. You can accelerate to dynamic routing already, swing the skill.

S
sim3x, 2015-05-02
@sim3x

Yes

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question