David Van Assche wrote: > Hi, > I recently reinstalled my server system to 64bit so I have recent > knowledge of what needs to be modified to make a 2nic setup work with normal > and thin client computers being able to get internet access. I'll paste my > setup files here: > > /etc/network/interfaces: > > auto lo > iface lo inet loopback > > # The primary network interface > auto eth0 > iface eth0 inet static > address 192.168.1.42 > netmask 255.255.255.0 > network 192.168.1.0 > broadcast 192.168.1.255 > gateway 192.168.1.1 > # dns-* options are implemented by the resolvconf package, if > installed > dns-nameservers 192.168.1.1 80.58.61.250 > > auto eth1 > iface eth1 inet static > address 192.168.0.254 > netmask 255.255.255.0 > network 192.168.0.0 > broadcast 192.168.0.255 > up iptables-restore < /etc/ltsp/nat.conf
Unless I am totally missing something, you do not need shorewall to masquerade for you. That is what running sudo iptables --table nat --append POSTROUTING --jump MASQUERADE --source 192.168.0.0/24 followed by sudo sh -c 'iptables-save > /etc/ltsp/nat.conf' and then appending up iptables-restore < /etc/ltsp/nat.conf to your /etc/network/interfaces does.(1) I have definitely set up dual-nic edubuntu labs that serve regular pc's on the LAN multiple times these past few weeks. The one *additional* step that I have to perform is changing my /etc/ltsp/dhcpd.conf file to make the Edubuntu box the gateway option routers 192.168.0.254; > > Then I simply followed the thinclienthowtonat file in the edubuntu wikis... > Finally, and perhaps this is where there are issues from other people, I set > up shorewall to masquarade from eth0 to eth1... by setting up a file called > "masq" containing the following: > > ##################################################################### > #INTERFACE SUBNET ADDRESS PROTO PORT(S) > IPSEC > eth0 eth1 > #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE > > Of course you should probably set up your rules and all that, but there are > some good examples on shorewall's site and various howto pages on the net. > In any case, with that you will get it working with 2 nics guaranteed... > Setting up a local dns server will also improve connection times drastically > in the normal client computers... Putting shorewall, squidguard, denyhosts, dhcpd, nagios, and dansguardian on a gateway router box is a good use for shorewall and can easily integrate webmin. This is how we protect our setups in City parks. > > Kind Regards, > David Van Assche --scott (1) https://wiki.edubuntu.org/ThinClientHowtoNAT?highlight=%28nat%29 -- edubuntu-users mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-users
