[Freedombox-discuss] public + private http services
On 07/18/2013 03:59 PM, Nick Daly wrote:
> On Wed, Jul 17, 2013 at 11:51 PM, Timur Mehrvarz
> <timur.mehrvarz at riseup.net> wrote:
>> On 15.07.2013 16:04, Timur Mehrvarz wrote:
>>> How do you make sure some http services are only visible on the internal
>>> network - while other services are visible on all networks?
> It depends on how your internal network is set up.
> Ultimately, you'll need to open different ports on your server for
> intra-network and external-network connections. If you have a
> separate firewall device, make sure the firewall forwards connections
> (ports) to the server's external connection ports.
> Outside -- Firewall -- Server -- Inside
> Outside -- Server/Firewall -- Inside
> This is good context to your question:
> To see an example of how this might work on a specific computer, check
> out a particular firewall like Arno's IP Tables Firewall. You might
> want to run this in a VM so you don't hose everything on your main
> # apt-get install arno-iptables-firewall
> # dpkg-reconfigure arno-iptables-firewall
> # apt-get remove arno-iptables-firewall
> Pay particular attention to the "internal" and "external" port
> screens. They're how you define exactly what you're asking about.
I wasn't so much concerned about myself getting this configured
properly. I'm rather concerned about less technical folks trying to
set up a FBX. Sure, you can configure local-network-only services by
changing some firewall rules. But you could also write your services in
ways for them to handle this autonomously. No specific FW rules would be
needed then. My question is: do you agree that this 2nd approach would
be the more sensible one for FBX?
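
One way a service could make the internal/external decision itself, as raised in the message above; this is an added example, not part of the original thread or any FreedomBox code. The public path list, the internal network ranges, and port 8080 are assumptions.

```python
import ipaddress
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Assumed policy: only these exact paths are public; everything else is internal-only.
PUBLIC_PATHS = {"/", "/blog"}

# Assumed "inside" networks: loopback, RFC 1918, IPv6 link-local and unique-local.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fe80::/10", "fc00::/7")]

def is_internal(peer: str) -> bool:
    """True if the TCP peer address lies in one of INTERNAL_NETS."""
    try:
        addr = ipaddress.ip_address(peer.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return False  # unparseable address: fail closed
    # A dual-stack IPv6 socket reports IPv4 clients as ::ffff:a.b.c.d.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net for net in INTERNAL_NETS)

def allowed(peer: str, raw_path: str) -> bool:
    """Default deny: public paths for anyone, all other paths for internal peers."""
    path = raw_path.split("?", 1)[0].split("#", 1)[0]
    return path in PUBLIC_PATHS or is_internal(peer)

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Decide on the socket peer address, never on a client-supplied
        # header such as X-Forwarded-For.
        if not allowed(self.client_address[0], self.path):
            self.send_error(403)
            return
        body = b"ok\n"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    ThreadingHTTPServer(("", 8080), Handler).serve_forever()
```

If a reverse proxy or a NAT device that rewrites source addresses sits in front of the service, every client appears internal and this check no longer distinguishes them.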