In case this is useful to anyone, I've worked out my configuration and Ipcop is getting along just fine alongside my thin client network. I simply removed any mention of eth0 (the Ipcop NIC) from /etc/network/interfaces, allowing Ipcop to control it, and then ran interfaces (maintaining the original 192.168.0.254 address of eth1) to take care of the ltsp configuration. Now that I'm configuring the firewall itself, however, I wonder why there isn't an easier way to really block users from dancing right around the proxy walls. Wouldn't this be a rather serious concern of anyone deploying to large educational environments? Unless you do some pretty unconventional configuring, all it would take for a kid to break out to a wide-open Internet is to set Firefox to "no proxy"! Has this bothered anyone? Isn't there a more straightforward fix than adding custom rules to iptables? David
On Tue, 2010-03-09 at 15:41 -0500, dbclinton wrote: > Hi, > I've put a PC running the Ipcop firewall between the Internet and my > Edubuntu thin client server (Intrepid). The network card that connects > Ipcop to my server (green) has these settings: > ================= > eth0 Link encap:Ethernet HWaddr 00:08:A1:1E:73:90 > inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:2062 errors:227 dropped:0 overruns:0 frame:0 > TX packets:2215 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:369386 (360.7 KB) TX bytes:1424440 (1.3 MB) > Interrupt:12 Base address:0xe800 > ================= > To get my server to play nicely with Ipcop, I had to disable > my /etc/network/interfaces file - which looked like this: > ================= > auto eth1 > iface eth1 inet static > address 192.168.0.254 > netmask 255.255.255.0 > network 192.168.0.0 > broadcast 192.168.0.255 > gateway 192.168.0.1 > # dns-* options are implemented by the resolvconf package, if installed > dns-nameservers 192.168.0.1 > dns-search clinton > > auto eth0 > iface eth0 inet static > address 192.168.0.254 > netmask 255.255.255.0 > network 192.168.0.0 > broadcast 192.168.0.255 > =================== > > ...which got me talking nicely to Ipcop but which also, of course, > brought my thin clients to a screaming halt. > So I assume I have to reconfigure my server settings. My first question > is: which ip settings can I safely use? > Next, besides /etc/network/interfaces and /etc/ltsp/dhcpd.conf, are > there any other files I'll have to know about? > With thanks as always, > David Clinton -- edubuntu-users mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-users
