Prev: newbie question about code
Next: Disabling an extension on a perdir basis.
From: tedd on 12 Sep 2010 12:55
At 4:42 PM -0400 9/10/10, Daniel Brown wrote:
>On Fri, Sep 10, 2010 at 16:37, Steve Staples <sstaples(a)mnsi.net> wrote:
>> Ok, here it goes...
>>
> > I am building an app, that requires a web interface.

-snip-

> > i want to be able to run it on like port 8880 or something... just
>> looking out there fro something...
>
> I had written one about two years ago for a project, but the code
>belongs to the client company, so it won't make it to open source.
>However, not only can it be done, but there's even some in existence.
>Check this one out:
>
> http://nanoweb.si.kz/
>
> I've never used it myself, but it may be worth a shot for you.
>--
></Daniel P. Brown>

A question, to clarify my fuzzy thinking about such things:

Can a business have a server connected to the Internet but limit
access to just their employees? I don't mean a password protected
scheme, but rather the server being totally closed to the outside
world other than to their internal employees? Or is this something
that can only be provided by a LAN with no Internet connection?

Cheers,

tedd

--
-------
http://sperling.com/
From: Ashley Sheridan on 12 Sep 2010 12:57
On Sun, 2010-09-12 at 12:55 -0400, tedd wrote:

> At 4:42 PM -0400 9/10/10, Daniel Brown wrote:
> >On Fri, Sep 10, 2010 at 16:37, Steve Staples <sstaples(a)mnsi.net> wrote:
> >> Ok, here it goes...
> >>
> > > I am building an app, that requires a web interface.
>
> -snip-
>
> > > i want to be able to run it on like port 8880 or something... just
> >> looking out there fro something...
> >
> > I had written one about two years ago for a project, but the code
> >belongs to the client company, so it won't make it to open source.
> >However, not only can it be done, but there's even some in existence.
> >Check this one out:
> >
> > http://nanoweb.si.kz/
> >
> > I've never used it myself, but it may be worth a shot for you.
> >--
> ></Daniel P. Brown>
>
> A question, to clarify my fuzzy thinking about such things:
>
> Can a business have a server connected to the Internet but limit
> access to just their employees? I don't mean a password protected
> scheme, but rather the server being totally closed to the outside
> world other than to their internal employees? Or is this something
> that can only be provided by a LAN with no Internet connection?
>
> Cheers,
>
> tedd
>
> --
> -------
> http://sperling.com/
>


Not entirely sure what you're asking, but could you maybe achieve
something like this with a WAN using a VPN?

Thanks,
Ash
http://www.ashleysheridan.co.uk


From: Andy McKenzie on 12 Sep 2010 13:18
>
> A question, to clarify my fuzzy thinking about such things:
>
> Can a business have a server connected to the Internet but limit access to
> just their employees? I don't mean a password protected scheme, but rather
> the server being totally closed to the outside world other than to their
> internal employees? Or is this something that can only be provided by a LAN
> with no Internet connection?
>
> Cheers,
>
> tedd

Hey, one I can answer!

The short answer is "Yes". It can be done in a firewall: for
instance, take the following network setups.

1) Internal machines on a single range (10.10.0.1-10.10.0-254),
gateway machine at 10.10.0.1, web server at 10.10.0.2.
In this situation, the gateway passes traffic web traffic from
outside to 10.10.0.2/80 (destination NATing, in linux's iptables), and
traffic from inside to 10.10.0.2/8880. There's no reasonable way for
outside traffic to reach the web server, but the web server can still
reach the outside world. If you don't want to have ANYONE outside the
private network reach the web server, you can eliminate the dnat rule
so port 80 traffic isn't forwarded. If the employees need access from
outside, a VPN would work best, as Ash suggested, but there are other
options. The catch is that you need to either use virtual hosts,
which brings one set of problems, or two pieces of web-server software
(two instances of apache, for instance), which brings a different set
of problems.

2) All systems on publicly reachable addresses
(230.54.8.0-230.54.8.254, to pick at random). The web server is at
230.54.8.2, there is no gateway. The firewall here needs to be on the
web server, since there is no gateway, and it only allows port 8880
traffic in if it's from the range 230.54.8.0/24. Again, if no
external access is necessary, it can be simplified somewhat.

In either instance, employees with permanent IP addresses at home can
be allowed in via the firewall.

-Alex

3)
From: tedd on 12 Sep 2010 13:33
At 5:57 PM +0100 9/12/10, Ashley Sheridan wrote:
>On Sun, 2010-09-12 at 12:55 -0400, tedd wrote:
>
>>Can a business have a server connected to the Internet but limit
>>access to just their employees? I don't mean a password protected
>>scheme, but rather the server being totally closed to the outside
>>world other than to their internal employees? Or is this something
>>that can only be provided by a LAN with no Internet connection?
>>
>
>Not entirely sure what you're asking, but could you maybe achieve
>something like this with a WAN using a VPN?
>
>Thanks,
>Ash

Ash:

I'm sure this is an obvious question for many on this list, but I'm
not above showing my ignorance.

I guess what I am asking -- if a client wanted an application written
(in web languages) so that their employees could link all their
different computers together and share/use information using
browsers, is that possible using a server that is not connected to
the Internet?

Look, I know that I can solve my clients problems by finding a host
and writing scripts to do what they want -- that's not a problem. But
everything I do is open to the world. Sure I can provide some level
of security, but nothing like the security that can be provided
behind closed and locked doors.

So, can I do what I do (i.e., programming) without having a host? Can
I install a local server at my clients location and interface all
their computers to use the server without them ever being connected
to the Internet?

Maybe I should ask my grandson. :-)

Cheers,

tedd

--
-------
http://sperling.com/
From: Joshua Kehn on 12 Sep 2010 13:40

On Sep 12, 2010, at 1:33 PM, tedd wrote:

> At 5:57 PM +0100 9/12/10, Ashley Sheridan wrote:
>> On Sun, 2010-09-12 at 12:55 -0400, tedd wrote:
>>
>>> Can a business have a server connected to the Internet but limit
>>> access to just their employees? I don't mean a password protected
>>> scheme, but rather the server being totally closed to the outside
>>> world other than to their internal employees? Or is this something
>>> that can only be provided by a LAN with no Internet connection?
>>>
>>
>> Not entirely sure what you're asking, but could you maybe achieve something like this with a WAN using a VPN?
>>
>> Thanks,
>> Ash
>
> Ash:
>
> I'm sure this is an obvious question for many on this list, but I'm not above showing my ignorance.
>
> I guess what I am asking -- if a client wanted an application written (in web languages) so that their employees could link all their different computers together and share/use information using browsers, is that possible using a server that is not connected to the Internet?
>
> Look, I know that I can solve my clients problems by finding a host and writing scripts to do what they want -- that's not a problem. But everything I do is open to the world. Sure I can provide some level of security, but nothing like the security that can be provided behind closed and locked doors.
>
> So, can I do what I do (i.e., programming) without having a host? Can I install a local server at my clients location and interface all their computers to use the server without them ever being connected to the Internet?
>
> Maybe I should ask my grandson. :-)
>
> Cheers,
>
> tedd
>
> --
> -------
> http://sperling.com/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>


Tedd-

What do you mean "without ever being connected to the internet?" That statement throws me a bit because if it isn't connected to the public net the only alternative would be to run hard lines between hosts.

Regards,

-Josh
____________________________________
Joshua Kehn | Josh.Kehn(a)gmail.com
http://joshuakehn.com

First  |  Prev  |  Next  |  Last
Pages: 1 2 3 4 5
Prev: newbie question about code
Next: Disabling an extension on a perdir basis.