> Hello Creighton,
>
> Wednesday, February 19, 2003, 3:41:24 AM CET, you wrote:
>
> cs> Next, I have a small setup, only one server and one node so far,
> cs> however this is a proof-of-concept attempt for my local office. The
> cs> powers that be are afraid to abandon M$ on the workstations so I have been
> cs> trying to setup this k12ltsp (RedHat 7.3) server as an internet gateway
> cs> for the windoze machines. My test machine is a win95 that reads the net
> cs> card, asks for and gets a number from the dhcpd, but cannot read the
> cs> 'network neighborhood' nor can I login to the server by telnet. This same
> cs> machine boots with an etherboot boot disk fine.
>
> The fact that it cannot read the network neighbourhood can be due to
> your not having configured samba properly. No matter so far.
> If you cannot telnet to it, that could be caused by security
> settings; I know that Debian 3.0 usually doesn't activate telnet but
> only the encrypted version, ssh.
> Can you ping the linux box? (Does the IP-address given by win95:
> winipcfg) for the dhcp server match what you configured?

For SAMBA, it is important to set the WORKGROUP = WHATEVER directive in the
smb.conf file, where WHATEVER is the workgroup the rest of your win9x/nt
office is on (Right-click Network Neighborhood, properties, Identification).
Also make sure they are on the same subnet.

> On the linux box, you need masquerading and a GOOD firewall for what
> you plan, for a start these rules should suffice (FOR A START!!!)
>
> echo "1" >/proc/sys/net/ipv4/ip_forward    # to turn on forwarding
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> iptables -A INPUT -i ppp0 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j DROP
>
> (from memory, countercheck with iptables man-page)

Here is my iptables setup (RH 7.2) on a stand alone machine between the
Internet and my LAN. I keep it in /etc/rc.d/rc.firewall which I then run in
/etc/rc.d/rc.local so it will be run if the server should reboot:

-----
echo Setting up IP Forwarding ...
iptables -F; iptables -t nat -F; iptables -t mangle -F
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 123.456.789.012
# Turn off pop3 from Internet
iptables -A INPUT -p tcp --destination-port 110 -i eth1 -j DROP
# Turn off MySQL from Internet
iptables -A INPUT -p tcp --destination-port 3306 -i eth1 -j DROP
# Turn off Time from Internet
iptables -A INPUT -p tcp --destination-port 37 -i eth1 -j DROP
echo Turning on IP Forwarding ...
echo 1 > /proc/sys/net/ipv4/ip_forward
-----

eth0 is my lan, and eth1 is my dsl connection. 123.456.789.012 is my static
internet IP address. I turn off ports that I don't want the Internet to have
access to. Although this is not a true firewall, it has worked well for me
for about 2 years. I think I got most of the configuration information from
this web page, but I'm not sure:
http://tldp.org/LDP/nag2/x-087-2-masq.configuration.html

> This is not a tight firewall, but just a quickstart, assuming you
> connect to the internet via ppp0 interface and localnet is eth0.
> At least better than nothing, no idea, what redhat has for default.
> In general, the recommendation to have a second PC as
> internet-gateway/firewall is pretty reasonable for me, but it is not
> always possible to spare a machine for that.
> You could look out, e.g. at etherboot.org Links or so I saw a
> netbootable firewall-Linux (a machine gets Linux from the net,
> readonly, and from then on is a firewall: Even if cracked, no data
> can be destroyed on that particular PC...)
>
> cs> Can someone point me in the direction of some docs that might give me some
> cs> direction, please?
>
> For this network/internet-relay stuff, you could look for a FAQ on
> www.tldp.org (The Linux Documentation Project), I seem to remember
> there was one with MASQUERADING in its name, in the networking
> section.
>
> cs> Also, is there anyone here who has a ltsp setup
> cs> running well in the Greater Cincinnati area, such as a school?
>
> Sorry, Greater Cologne area better fits the place I'm working at :-)
>
> Best regards,
> Anselm
> mailto:[EMAIL PROTECTED]

I'm not so good at the ltsp stuff yet, but if you need help with iptables
and samba I may be able to assist.

Sincerely,
Ben Rousch
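
A default-deny counterpart to the port-by-port script in the message above, as an added example that is not part of the original e-mail or either poster's setup: it prints an iptables-restore ruleset that drops everything arriving from the Internet side unless it answers a connection started from the LAN or the gateway. The function names `valid_ipv4` and `gen_gateway_rules`, the interface arguments and the address 203.0.113.10 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Prints a default-deny gateway
# ruleset in iptables-restore format; nothing is applied to the running system.

# Accept only a dotted quad with four octets in 0-255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Usage: gen_gateway_rules WAN_IF LAN_IF WAN_IP  (hypothetical helper)
gen_gateway_rules() {
    wan_if=$1; lan_if=$2; wan_ip=$3
    valid_ipv4 "$wan_ip" || { echo "invalid WAN address: $wan_ip" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite the source of LAN traffic leaving on the Internet side
-A POSTROUTING -o $wan_if -j SNAT --to-source $wan_ip
COMMIT
*filter
# Policy DROP: unsolicited traffic is refused without listing ports one by one
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan_if -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Constructed sample values: eth1 = Internet side, eth0 = LAN,
# 203.0.113.10 = documentation address standing in for the static IP.
gen_gateway_rules eth1 eth0 203.0.113.10
```

The output can be reviewed and then loaded as root with `iptables-restore`; forwarding still has to be enabled through /proc/sys/net/ipv4/ip_forward as in the messages above.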
