Tom, I agree with you. I decided to use the LTSP server as a NAT/Firewall server because my cable router didn't have enough ports to connect all my computers to it.
In the end, I had to modify the Shorewall policy to accept ALL traffic from the LTSP LAN.
I am, however, still interested to learn how to configure Shorewall to accommodate LTSP clients.
*/Tom Brown <[EMAIL PROTECTED]>/* wrote:
I know nothing about shorewall. What I do know is that (imho) you are better off placing the firewall on a separate machine between your router and your ltsp server. One of our volunteers at FREE GEEK MICHIANA has an LTSP server behind a firewall behind a cable modem. He (Goose) put his firewall-on-a-floppy on an old IBM PC 330 (P90, 32mb) with two nics. It works well.
Tom
At 11:14 AM 2/22/03 -0500, Conrad Lawes wrote:
>I'm running LTSP on a multi-home server running Mandrake 9.0.
>
>configuration:
>eth0 192.168.1.108 (external) connected to cable router.
>eth1 192.168.0.1 (internal) LTSP LAN
>
>I installed and configured the shorewall firewall package and all the LTSP
>clients fail to boot because TFTP traffic is being blocked by shorewall.
>
>I assume that /etc/shorewall/rules & /etc/shorewall/policies files must be
>updated to accept TFTP communication but my fiddling has not worked thus
>far.
>
>Does anyone know how to correct this problem?
>
>TIA.
>
>-------------------------------------------------------
>This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
>The most comprehensive and flexible code editor you can use.
>Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
>www.slickedit.com/sourceforge
>_____________________________________________________________________
>Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
> https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
>For additional LTSP help, try #ltsp channel on irc.freenode.net
Conrad Lawes
Hello Tom, Conrad and others,
You probably solved this one by now.
I had this problem too. To fix it I edited the /etc/shorewall/rules (Mandrake 9.0) file and added
    ACCEPT loc fw udp 53,69 -
    ACCEPT loc fw tcp 80,443,53,69 -
    ACCEPT fw loc udp 53,69 -
    ACCEPT fw loc tcp 53,69 -
Note: check out mainly port 69 (TFTP).
You probably need to add nfs rules for your local net too.
On a side note, I would be really grateful if one or more of you folk could port scan my PC tonight, just to make sure it's locked down. I know it is not recommended, but it's connected to the internet via a dialup and serving as a gateway for my home network. My IP address tonight is 203.123.71.241
TA Chris
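An added example, not part of any message in this thread and not Shorewall's own code: a simplified Python model of the rules columns posted above. It shows which client-to-server flows the posted rules accept under an assumed default-deny policy, compared with an accept-all policy for the LAN zone. The zone names loc and fw come from the posted rules; the policy dictionaries, the sample flows (including NFS on port 2049) and the first-match evaluation are assumptions of this model.

```python
# Simplified model of the posted columns: ACTION SOURCE DEST PROTO DEST-PORTS SOURCE-PORTS.
CHRIS_RULES = """\
ACCEPT loc fw udp 53,69 -
ACCEPT loc fw tcp 80,443,53,69 -
ACCEPT fw loc udp 53,69 -
ACCEPT fw loc tcp 53,69 -
"""

def parse_ports(field):
    """'53,69' or '6000:6010' -> list of (low, high) ranges; '-' means any port."""
    if field == "-":
        return [(0, 65535)]
    ranges = []
    for part in field.split(","):
        low, _, high = part.partition(":")
        ranges.append((int(low), int(high or low)))
    return ranges

def parse_rules(text):
    rules = []
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()
        if len(cols) < 3:
            continue  # blank line or comment
        cols += ["-"] * (5 - len(cols))  # omitted columns mean "any"
        action, src, dst, proto, dports = cols[:5]
        rules.append((action.upper(), src, dst, proto.lower(), parse_ports(dports)))
    return rules

def decide(rules, policy, src, dst, proto, port):
    """Model assumption: first matching rule wins, else the zone-pair policy applies."""
    for action, r_src, r_dst, r_proto, r_ports in rules:
        if (r_src in (src, "all") and r_dst in (dst, "all")
                and r_proto in (proto, "all", "-")
                and any(lo <= port <= hi for lo, hi in r_ports)):
            return action
    keys = ((src, dst), (src, "all"), ("all", dst), ("all", "all"))
    return next((policy[k] for k in keys if k in policy), "REJECT")

def audit(rules, policy, flows):
    return {name: decide(rules, policy, *flow) for name, flow in flows.items()}

# Constructed sample flows from an LTSP client zone (loc) to the server (fw).
FLOWS = {"tftp": ("loc", "fw", "udp", 69), "dns": ("loc", "fw", "udp", 53),
         "nfs": ("loc", "fw", "udp", 2049)}
STRICT = {("all", "all"): "REJECT"}  # assumed default-deny policy
OPEN = {("loc", "all"): "ACCEPT"}    # accept-all policy for the LAN zone
if __name__ == "__main__":
    print("posted rules + default deny:", audit(parse_rules(CHRIS_RULES), STRICT, FLOWS))
    print("no rules + accept-all LAN policy:", audit([], OPEN, FLOWS))
```

Under the default-deny policy the NFS flow is rejected while TFTP and DNS pass, which is the gap the note about NFS rules points at; the accept-all policy lets every listed flow through.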