securing my webserver...


monkeyboi
09-24-2002, 12:12 AM
I'm planning to host my site, which contains lots of perl scripts written by me... (I know I'm not an expert, so there will be loopholes in my scripts).

anyway i set up a small LAN for the webserver which looks like this...

___
|_| router/firewall using smoothwall
| ____
| ========|__| workstation
|
| ____
|======|__| Webserver (slackware 8.1)


I only have one external IP, which is assigned to the router...

The workstation has an IP of 192.168.0.2 and the webserver has 192.168.0.3.

I redirect ports 80 and 22 to the webserver's IP, because sshd is enabled.

I also have proftpd enabled, but only accessible within the LAN..

Do I need to enable ipchains on the webserver machine, or is the router good enough??

Do you think this configuration is OK, or any other suggestions???

thanks!!!

CrashTestDummy9
09-24-2002, 12:27 AM
Check out the NHFs. They are very helpful for securing your system. They were even co-authored by Sun (or at least coached by), from what I understand.

CrashTestDummy9
09-24-2002, 12:29 AM
:D :D :D :D :D :D :D :D

hanzerik
09-24-2002, 09:51 AM
Yeah, sure, you could use ipchains/iptables on your webserver for a little more security. That's what I do :)

http://www.linuxguruz.org/iptables/
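
The host-level filtering suggested in the reply above, written out for this thread's layout as an added example that is not part of any post: ports 80 and 22 open, proftpd answered only for 192.168.0.0/24. The function name `webserver_rules`, the stateful and loopback rules, and the assumption that the router forwards connections with their original source address are additions, not details from the thread.

```shell
#!/bin/sh
# Added example: host firewall for the webserver (192.168.0.3).
# Addresses and ports come from the thread; the rest is assumed.

LAN_NET="192.168.0.0/24"   # workstation .2 and webserver .3 live here
PUBLIC_PORTS="80 22"       # forwarded by the router to the webserver
LAN_ONLY_PORTS="21"        # proftpd, meant to be reachable from the LAN only

# Print a ruleset in iptables-restore format; nothing is applied here.
webserver_rules() {
    # Default-deny inbound and forwarded traffic; the box is not a router.
    printf '%s\n' "*filter" \
        ":INPUT DROP [0:0]" \
        ":FORWARD DROP [0:0]" \
        ":OUTPUT ACCEPT [0:0]"
    # Loopback, and replies to connections that are already established.
    printf '%s\n' "-A INPUT -i lo -j ACCEPT" \
        "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Services the router forwards from the Internet.
    for port in $PUBLIC_PORTS; do
        printf '%s\n' \
            "-A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Services that must answer LAN clients only, even if a forward
    # for them is added on the router by mistake later.
    for port in $LAN_ONLY_PORTS; do
        printf '%s\n' \
            "-A INPUT -s $LAN_NET -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Log, rate-limited, whatever is about to hit the DROP policy.
    printf '%s\n' \
        "-A INPUT -m limit --limit 5/min -j LOG --log-prefix \"fw-drop: \"" \
        "COMMIT"
}

# Review first:   webserver_rules
# Apply as root:  webserver_rules | iptables-restore
```

FTP data connections are accepted through the RELATED rule only when the kernel's FTP connection-tracking helper is loaded.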

Supa' Penguin
09-24-2002, 12:40 PM
Personally I would set up IP aliases on the router and server for your web pages and sshd, as these are the most common exploitable ports (sshd especially, as this is commonly the only back door for routers). The second IP addr. should probably be on a different subnet that cannot reach your LAN.
i.e. LAN 192.168.0.10-192.168.0.254
Server eth0:0 192.168.0.2 eth0:1 192.168.1.2
assuming eth0 is your internal nic for your router.
Router eth0:0 192.168.0.1 eth0:1 192.168.1.1


Set up tcp/wrapper scripts, ipchains/iptables and limit root access (/etc/securetty). chroot???? and keep a good rotation on your logs.

UPDATE, UPDATE, UPDATE

Please read www.tldp.org securing and optimizing Linux.

J.
:)

monkeyboi
09-24-2002, 06:21 PM
thx for all your suggestions!!! :)