Tim Williams
July 6th, 2003, 10:25 PM
Hello all,
I need a little (a lot?) of help creating a ruleset. What I want to do is very simple:
1) I want to allow the entire Internet to access my webserver on ports 80 and 443.
2) I want to disallow EVERYTHING else (ftp, mail, ...EVERYTHING) to ANYONE besides individuals with specific MAC addresses, with the exception of ARP (because I don't know the MAC address of my gateway).
3) Those machines with the allowed MAC addresses I want to allow pretty much anything.
However, I also have a few questions:
a) Is the above configuration safe? Is it possible for someone to spoof a MAC address?
b) Is there any possible vulnerability in allowing all ARP traffic? Should I bother calling my ISP and asking them for the MAC address of my gateway? Or is there a way I can find this out on my own?
My situation: I have my server co-located at my ISP. I only want the public to be able to access my website on ports 80 and 443. However, from my home computer (or my laptop when on the road), I would like to be able to connect to the server with Remote Desktop, file sharing (NetBIOS, etc.), SMTP, POP3, and pretty much any other server/service that I would like to provide myself with...but I don't want the public being able to connect to these services - the ONLY ports I want the public to connect to are 80 and 443 for my website.
I figured the best way to do this is with the above scenario (using the MAC addresses of my home computer and laptop) as I do not have a static IP at home or when I'm on the road.
Also, THE MACHINE NEEDS TO BE ABLE TO CONNECT TO ITSELF, so that my web application can send e-mails (my mail server is running on the same box) and connect to SQL Server (also running on the same box).
I would most appreciate it if someone could create me an example ruleset file and e-mail it to me at twilliams@datastreamcorp.com (please put the word RULESET in capital letters in the SUBJECT line)...Thanks in advance!