linuxtoys.net) to reach a server.
That requires you to purchase a DNS domain name and have an entry set up in a DNS
server to resolve the name to the IP address of your server.
Although there is nothing magical about setting up an Internet server, given the few issues just
mentioned, creating a public server can be a lot like opening up the doors of your house so that
strangers can wander in. You want some policies in place to restrict where the strangers can go and
what they can do.
For home or small-office locations that have a single Internet connection (represented by one public
IP address), servers can be more exposed to the Internet than desktop systems by keeping them
in one area that??™s referred to as the DMZ (demilitarized zone). In this configuration (illustrated in
Figure 5-4), servers are directly behind the outside firewall. Desktop systems (that aren??™t to be
accessible by people from the Internet) are behind a second, more restrictive firewall.
Whether you use Linux or dedicated firewall devices to provide firewall service, the outside firewall
allows requests in for Web services (port 80), FTP services (ports 20 and 21), simple mail
transfer protocol (port 25), and possibly other services. The internal firewall blocks any requests
for services from the outside and allows only Internet communications that were initiated from
computers behind the inside firewall.
Pages:
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417