apache2 configuration question 2394

Richard Kimber

No, that is merely to address:port to which the Apache2 server is going to listen for requests to service. It has nothing to do with the IP address of the machine(s) requesting service.

Essentially, the answer is yes. Whether you need to have an active firewall depends on whether your local network is visible to the Internet.

For example, my local network uses a private subnet (192.168.1.*-24). There is a large set of subnets that are treated as private; 192.168.*.*-16 are all private IP addresses, and there are several other ranges that are considered private as well. As I understand it, no router will forward data packets in or out of a private subnet unless it is doing some sort of network address translation (NAT). What this means, in essence, is that the only data packets coming out of your network onto the Internet are those that have been translated (by NAT running in your router) into some public IP address (typically the one buttigned to your router by your ISP when you first connect). The only data pockets coming into your network are those that are translated (again by NAT running on your router) into your private subnet. In such an environment, your router is acting as a firewall, screening out all incoming traffic other than responses to packets the router sent out in the first place. It also means that your Apache2 server is invisible to the Internet, and can be accessed only by machines running within your private subnet.

In some cases, your local network may be buttigned a subnet of static public IP addresses. Not too many ordinary ISPs do this for home networks because public IP addresses must be unique across the entire Internet, making them valuable (and expensive) commodities. Since this makes every machine on your LAN visible to the Internet, you would be well advised to run a firewall.

See Bob Hauck's reply, also.

-- Larry Bristol --- The Double Luck