Hello pedro,

Friday, January 24, 2003, 2:07:02 AM, you wrote:

pn> good question, I'd like to hear from someone who might
pn> have an ltsp specific firewall script

If your server does only serve LTSP clients on the eth0 interface (let's say 10.0.7.1/24 on eth0) and is connected to the rest of the local net (let's say 10.0.0.173/24 on eth1), then something along these lines would do:

Allow tcp connects from intern to ports 22 (ssh), 23 (telnet), 1024- (for X, NFS and so, I think), 111 (portmap).

UDP must be allowed to 67-69 (bootp, tftp), 177 (xdmcp), 514 (syslog), 111 (portmap), 1024- (for rest, to be sure).

It should not accept incoming connections from somewhere else (except, if you like remote administration, ssh on port 22).

If you have local apps running on the clients, it would get more complicated as these could generate packages that have to go through the server (masquerading and all).

On our server, there is a minimum firewall along those lines, but that's not too bad as anyhow there are only services on the server that are needed to be open for the clients anyhow, and connections from external are limited to ssh (for remote administration).

Best regards,
Anselm
mailto:[EMAIL PROTECTED]
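The policy described in the message above, written out as an iptables rule set. This is an added example, not part of the original e-mail and not the author's own script. It assumes iptables as the packet filter (the message names none) and 10.0.7.0/24 as the client subnet on eth0; the function and variable names are illustrative, and leaving UDP 67 without a source match is an addition here, because a booting client has no address yet.

```shell
#!/bin/sh
# Added example. Dry run by default: every rule is printed, nothing is applied.
# Run as root with IPT=iptables to load the rules for real.
IPT="${IPT:-echo iptables}"
LTSP_IF="${LTSP_IF:-eth0}"            # thin-client side (from the message)
LTSP_NET="${LTSP_NET:-10.0.7.0/24}"   # assumed subnet for 10.0.7.1/24
LAN_IF="${LAN_IF:-eth1}"              # rest of the local net (from the message)

ltsp_firewall() {
    $IPT -F INPUT
    $IPT -A INPUT -i lo -j ACCEPT
    # Replies to connections the server itself opened, or already accepted.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # TCP from the thin clients: ssh, telnet, portmap, high ports (X, NFS).
    for p in 22 23 111 1024:65535; do
        $IPT -A INPUT -i "$LTSP_IF" -s "$LTSP_NET" -p tcp --dport "$p" -j ACCEPT
    done

    # bootp/DHCP requests come from 0.0.0.0 before the client has a lease,
    # so this rule is bound to the interface only, not to the subnet.
    $IPT -A INPUT -i "$LTSP_IF" -p udp --dport 67 -j ACCEPT

    # Remaining UDP from the message: rest of 67-69, portmap, xdmcp,
    # syslog, high ports.
    for p in 68:69 111 177 514 1024:65535; do
        $IPT -A INPUT -i "$LTSP_IF" -s "$LTSP_NET" -p udp --dport "$p" -j ACCEPT
    done

    # From anywhere else: ssh only, for remote administration.
    $IPT -A INPUT -i "$LAN_IF" -p tcp --dport 22 -j ACCEPT

    # Default-deny is set last so a half-applied run cannot cut off
    # the ssh session that is loading the rules.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
}

ltsp_firewall
```

Review the printed rules first; the `FORWARD DROP` policy matches the message's case where the clients run no local applications and nothing needs masquerading through the server.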
