Help Adding Another Website - Linux


Thread: Help Adding Another Website

  1. Help Adding Another Website

    Hello,
    I am the systems administrator for a small law firm. We host our own
    website/email on a FreeBSD 4.5 machine using Apache 1.3 and Sendmail (we
    have a Win2K server that takes care of all other networking duties). We
    have a Cox Business cable modem with 1 IP connected to a Cisco PIX 506
    firewall. This has worked great for serving one domain name, but now we are
    starting another company, and need to host another website. Since we're
    already hosting our own on this server (and it's not even close to being
    fully utilized), it would be nice if we could use our existing equipment. I
    know we'll definitely need to get another IP from Cox and have the domain
    name point to that, but I'm not sure what to do from there. My best guess
    was I'd need to get another Cisco firewall, and set it up as follows:

    Cable Modem -> Hub -> Firewall 1 -> Rest of network including NIC 1 on FreeBSD server
                       -> Firewall 2 -> NIC 2 on FreeBSD server

    I assume Apache and Sendmail would be ok in this situation? Any information
    on how best to accomplish all this is greatly appreciated!



  2. Re: Help Adding Another Website


    "Mark Antonson" wrote in message
    news:aPiRa.51653$o86.46114@news1.central.cox.net.. .
    | Hello,
    | I am the systems administrator for a small law firm. We host our own
    | website/email on a FreeBSD 4.5 machine using Apache 1.3 and Sendmail (we
    | have a Win2K server that takes care of all other networking duties). We
    | have a Cox Business cable modem with 1 IP connected to a Cisco PIX 506
    | firewall. This has worked great for serving one domain name, but now we are
    | starting another company, and need to host another website. Since we're
    | already hosting our own on this server (and it's not even close to being
    | fully utilized), it would be nice if we could use our existing equipment. I
    | know we'll definitely need to get another IP from Cox and have the domain
    | name point to that, but I'm not sure what to do from there. My best guess
    | was I'd need to get another Cisco firewall, and set it up as follows:
    |
    | Cable Modem -> Hub -> Firewall 1 -> Rest of network including NIC 1 on FreeBSD server
    |                    -> Firewall 2 -> NIC 2 on FreeBSD server
    |
    | I assume Apache and Sendmail would be ok in this situation? Any information
    | on how best to accomplish all this is greatly appreciated!
    |
    |

    Given that you are going to use the same box and its Cox Business Cable
    modem....

    I would set up the new DNS record to point to the **same IP** and use Name
    Based resolution in Apache. Apache will make differentiation of the named
    server being accessed and pull content from the appropriate doc root
    directory.

    If you are planning to run OTHER services besides www, then you should split
    them out. You would still need to configure apache to respond to requests
    on a certain IP/name. Check out the docs on apache.org regarding virtual
    hosting.

    You might check the sendmail docs on hosting multiple domains. Also, quite a
    few people have posted things in the newsgroups. Use groups.google.com.

    ken k



  3. Re: Help Adding Another Website

    In article ,
    Mark Antonson wrote:
    >Hello,
    > I am the systems administrator for a small law firm. We host our own
    >website/email on a FreeBSD 4.5 machine using Apache 1.3 and Sendmail (we
    >have a Win2K server that takes care of all other networking duties). We
    >have a Cox Business cable modem with 1 IP connected to a Cisco PIX 506
    >firewall. This has worked great for serving one domain name, but now we are
    >starting another company, and need to host another website. Since we're
    >already hosting our own on this server (and it's not even close to being
    >fully utilized), it would be nice if we could use our existing equipment. I
    >know we'll definitely need to get another IP from Cox and have the domain
    >name point to that, but I'm not sure what to do from there.


    No you don't. You can usually use the same IP address for both websites,
    and this is generally preferred. Just have both DNS entries point to your
    IP.

    In the Apache documentation, look up "VirtualHost" for information on how
    to configure multiple virtual hosts. If you have questions about
    configuring Apache, comp.infosystems.www.servers.unix is the right group.

    --
    Barry Margolin, barry.margolin@level3.com
    Level(3), Woburn, MA
    *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
    Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
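
The name-based virtual hosting that the two replies above point to, as an added example that is not part of any post in this thread: an Apache 1.3 `httpd.conf` fragment serving two sites from one IP. The host names, document roots and log paths are placeholders assumed for illustration.

```apache
# Added example; host names and paths are hypothetical placeholders.
# Apache 1.3 name-based virtual hosting: both DNS names resolve to the
# same public IP, and Apache picks the site from the HTTP Host header.

# Treat every address the server listens on as name-based.
NameVirtualHost *

# The FIRST block is the default: it answers any request whose Host
# header matches no ServerName/ServerAlias below (raw-IP requests and
# unknown names included), so decide deliberately which site goes first.
<VirtualHost *>
    ServerName   www.lawfirm.example
    ServerAlias  lawfirm.example
    DocumentRoot /usr/local/www/lawfirm
    # Per-site logs keep each company's traffic separately auditable.
    # "combined" assumes the stock LogFormat definition is still present.
    ErrorLog     /var/log/httpd-lawfirm-error.log
    CustomLog    /var/log/httpd-lawfirm-access.log combined
</VirtualHost>

<VirtualHost *>
    ServerName   www.newco.example
    ServerAlias  newco.example
    DocumentRoot /usr/local/www/newco
    ErrorLog     /var/log/httpd-newco-error.log
    CustomLog    /var/log/httpd-newco-access.log combined
</VirtualHost>

# Both sites still run in the same Apache processes under the same user:
# this separates content by name only, it does not isolate one site from
# a compromise of the other.
```

`apachectl configtest` checks the syntax before a restart, and `httpd -S` prints the parsed virtual host table, including which block is the default.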

  4. Re: Help Adding Another Website

    On Wed, 16 Jul 2003 20:44:54 GMT, "Mark Antonson"
    wrote:

    > I am the systems administrator for a small law firm. We host our own
    >website/email on a FreeBSD 4.5 machine using Apache 1.3 and Sendmail (we
    >have a Win2K server that takes care of all other networking duties). We
    >have a Cox Business cable modem with 1 IP connected to a Cisco PIX 506
    >firewall. This has worked great for serving one domain name, but now we are
    >starting another company, and need to host another website. Since we're
    >already hosting our own on this server (and it's not even close to being
    >fully utilized), it would be nice if we could use our existing equipment. I
    >know we'll definitely need to get another IP from Cox and have the domain
    >name point to that, but I'm not sure what to do from there. My best guess
    >was I'd need to get another Cisco firewall, and set it up as follows:
    >
    >Cable Modem -> Hub -> Firewall 1 -> Rest of network including NIC 1 on FreeBSD server
    >                   -> Firewall 2 -> NIC 2 on FreeBSD server
    >
    >I assume Apache and Sendmail would be ok in this situation? Any information
    >on how best to accomplish all this is greatly appreciated!


    Why the post to the NT Admin group for a BSD/Apache question?

    Apache can run two sites just fine on one IP. Sendmail may need a
    second static IP. In either case, you don't need a second
    firewall/NIC/connection/etc. unless you need it for business reasons
    and not technical ones.

    Jeff
    ===================================
    Jeff Cochran (IIS MVP)
    jcochran.nospam@naplesgov.com - Munged of Course

    I don't get much time to respond to direct email,
    so posts here will have a better chance of getting
    an answer. Besides, everyone benefits here.

    Suggested resources:
    http://www.iisfaq.com/
    http://www.iisanswers.com/
    http://www.iistoolshed.com/
    http://securityadmin.info/
    http://www.aspfaq.com/
    http://support.microsoft.com/
    ====================================

  5. Re: Help Adding Another Website

    Thanks to everyone who has replied so far. I talked with my boss this
    morning, and for business reasons, he's decided he wants a separate server
    now. Now in this situation, I'm assuming it'll end up something like I had
    before:

    Cable Modem -> Hub -> Firewall 1 -> Network and Old Server
                       -> Firewall 2 -> New Server

    What kind of firewall would you guys recommend for the new server? Do I
    really need another PIX 506 or could I get by with a 501 or something less?

    Thanks,
    Mark

    "Mark Antonson" wrote in message
    news:aPiRa.51653$o86.46114@news1.central.cox.net.. .
    > Hello,
    > I am the systems administrator for a small law firm. We host our own
    > website/email on a FreeBSD 4.5 machine using Apache 1.3 and Sendmail (we
    > have a Win2K server that takes care of all other networking duties). We
    > have a Cox Business cable modem with 1 IP connected to a Cisco PIX 506
    > firewall. This has worked great for serving one domain name, but now we are
    > starting another company, and need to host another website. Since we're
    > already hosting our own on this server (and it's not even close to being
    > fully utilized), it would be nice if we could use our existing equipment. I
    > know we'll definitely need to get another IP from Cox and have the domain
    > name point to that, but I'm not sure what to do from there. My best guess
    > was I'd need to get another Cisco firewall, and set it up as follows:
    >
    > Cable Modem -> Hub -> Firewall 1 -> Rest of network including NIC 1 on FreeBSD server
    >                    -> Firewall 2 -> NIC 2 on FreeBSD server
    >
    > I assume Apache and Sendmail would be ok in this situation? Any information
    > on how best to accomplish all this is greatly appreciated!
    >
    >




  6. Re: Help Adding Another Website

    Mark Antonson wrote:
    > Thanks to everyone who has replied so far. I talked with my boss this
    > morning, and for business reasons, he's decided he wants a separate server
    > now. Now in this situation, I'm assuming it'll end up something like I had
    > before:
    >
    > Cable Modem -> Hub -> Firewall 1 -> Network and Old Server
    >                    -> Firewall 2 -> New Server


    Do you really need the servers isolated from each other by firewall?
    You could do this (which is probably more common)

    Cable Modem -> Firewall -> Hub -> Network and Old Server
                                      New Server

    Personally though I would replace "Hub" with "Switch".

  7. Re: Help Adding Another Website

    After some more thought (and talking with another Unix/Linux guy I know),
    I'm thinking now that I'll just put the new BSD machine out there on its
    own. Unfortunately, the PIX 506 doesn't support more than 2 interfaces, and
    the boss wants separate IP addresses for both websites. So I think I'll end
    up with something like this:

    Cable Modem -> Switch -> Cisco PIX and existing network
                          -> New BSD server

    I think this should be ok, and I plan on locking the new BSD machine down as
    much as possible and keeping it patched religiously (FreeBSD 5.1, Apache 2,
    and Qmail are all I plan on running on it, besides SSH for admin, etc. No
    ftp or telnet).

    "Bit Twister" wrote in message
    news:slrnbhgetq.38b.BitTwister@wb.home...
    > On Fri, 18 Jul 2003 13:28:51 -0400, Joe Beanfish wrote:
    > >>
    > >> Cable Modem -> Hub -> Firewall 1 -> Network and Old Server
    > >>                    -> Firewall 2 -> New Server
    > >
    > > Do you really need the servers isolated from each other by firewall?
    > > You could do this (which is probably more common)
    >
    > It would help keep malware installed on the New Server from
    > getting easy access to boxes on the Old server network.




  8. Re: Help Adding Another Website

    Mark Antonson wrote:
    > "Bit Twister" wrote in message
    > news:slrnbhgetq.38b.BitTwister@wb.home...
    > > On Fri, 18 Jul 2003 13:28:51 -0400, Joe Beanfish wrote:
    > > >>
    > > >> Cable Modem -> Hub -> Firewall 1 -> Network and Old Server
    > > >>                    -> Firewall 2 -> New Server
    > > >
    > > > Do you really need the servers isolated from each other by firewall?
    > > > You could do this (which is probably more common)
    > >
    > > It would help keep malware installed on the New Server from
    > > getting easy access to boxes on the Old server network.
    >
    > I'm thinking now that I'll just put the new BSD machine out there on its
    > own. Unfortunately, the PIX 506 doesn't support more than 2 interfaces, and
    > the boss wants separate IP addresses for both websites. So I think I'll end
    > up with something like this:
    >
    > Cable Modem -> Switch -> Cisco PIX and existing network
    >                       -> New BSD server
    >
    > I think this should be ok, and I plan on locking the new BSD machine down as
    > much as possible and keeping it patched religiously (FreeBSD 5.1, Apache 2,
    > and Qmail are all I plan on running on it, besides SSH for admin, etc. No
    > ftp or telnet).


    Unless you're using "interface" to mean "ip" you don't need multiple
    interfaces. An "interface" is generally an ethernet port or such. Just plug
    the cable modem into the firewall's incoming port and plug the firewall's
    outgoing port into the hub/switch. Then plug as many other devices as
    desired into the hub/switch. Then all devices are protected from the
    outside (but not from each other).

    Also, don't be fooled into thinking there's anything particularly more
    secure about ssh rather than telnet. That's only true in the case of packet
    sniffing. You're more likely to get broken into because of flaky software.
    ssh is equally vulnerable to such attacks.

  9. Re: Help Adding Another Website

    I said interface because my boss wants to use separate IP addresses, and (I
    may be wrong) but I'm under the assumption that you can't bind multiple IP
    addresses to a single interface on the Cisco PIX. That would mean I would
    need another interface to support another external IP. But I think the way
    I'm doing it will be easy and secure enough, I'll definitely look into Snort
    and use complex passwords. Thanks for all the help though group!

    Mark

    "Joe Beanfish" wrote in message
    news:3F1C1E4F.AE5DE7B5@nospam.duh...
    > Mark Antonson wrote:
    > > "Bit Twister" wrote in message
    > > news:slrnbhgetq.38b.BitTwister@wb.home...
    > > > On Fri, 18 Jul 2003 13:28:51 -0400, Joe Beanfish wrote:
    > > > >>
    > > > >> Cable Modem -> Hub -> Firewall 1 -> Network and Old Server
    > > > >>                    -> Firewall 2 -> New Server
    > > > >
    > > > > Do you really need the servers isolated from each other by firewall?
    > > > > You could do this (which is probably more common)
    > > >
    > > > It would help keep malware installed on the New Server from
    > > > getting easy access to boxes on the Old server network.
    > >
    > > I'm thinking now that I'll just put the new BSD machine out there on its
    > > own. Unfortunately, the PIX 506 doesn't support more than 2 interfaces, and
    > > the boss wants separate IP addresses for both websites. So I think I'll end
    > > up with something like this:
    > >
    > > Cable Modem -> Switch -> Cisco PIX and existing network
    > >                       -> New BSD server
    > >
    > > I think this should be ok, and I plan on locking the new BSD machine down as
    > > much as possible and keeping it patched religiously (FreeBSD 5.1, Apache 2,
    > > and Qmail are all I plan on running on it, besides SSH for admin, etc. No
    > > ftp or telnet).
    >
    > Unless you're using "interface" to mean "ip" you don't need multiple
    > interfaces. An "interface" is generally an ethernet port or such. Just plug
    > the cable modem into the firewall's incoming port and plug the firewall's
    > outgoing port into the hub/switch. Then plug as many other devices as
    > desired into the hub/switch. Then all devices are protected from the
    > outside (but not from each other).
    >
    > Also, don't be fooled into thinking there's anything particularly more
    > secure about ssh rather than telnet. That's only true in the case of packet
    > sniffing. You're more likely to get broken into because of flaky software.
    > ssh is equally vulnerable to such attacks.



