Varun wrote:
Lanman wrote:
Um, can't you just install a third network card to solve this? There were some great solutions in this thread, most of which would work very well if you had 3 NICs instead of two.
NIC #1 (eth0) could be used for your Internet connection,
NIC #2 (eth1) could be used for the LTSP Terminals,
NIC #3 (eth2) could be used for the normal systems.
That would allow you to configure their respective access to the Internet via subnets, allowing you to use IPTables and Squid for all connected systems.
HTH
Lanman
I should have clarified the idea.
1) Accept all connections from eth1 (network segment which you could name as "LTSP" in Shorewall) to "FW" (virtual segment created by Shorewall itself),
2) Accept all connections from eth2 (network segment which you could call "MyLan" in Shorewall) to "FW" (virtual segment also created by Shorewall),
3) Accept all connections from eth2 to iNet (network segment which Shorewall sees as the Internet),
4) Drop all connections from eth1 (segment called LTSP) to eth0 (iNet segment).
An even simpler way would be to NOT enable NAT for the LTSP zone, but enable it for MyLan. This would make it easy to run your Internal Web-Site, and leave it at that.
If you only want the LTSP users to be able to view one web page, then you should also be able to make the "pref.js" file and the "Cache" folders in their profile read-only, but if you ever changed the page, this would complicate things.
HTH
Lanman
Hi Lanman
Did you use webmin ?
Varun
Varun - Absolutely, I used webmin! It allows you an enormous amount of flexibility over any firewall GUI. Remember that you need to clear your firewall rules after shutting down ANY firewall system in Linux. I just want to make sure that you knew to do that. The commands that you should run are:
    iptables -F    # flush every rule in the filter table
    iptables -L    # list what is left, to confirm the chains are empty
Both of them can be run from webmin, and they will delete any firewall rules still left in RAM. That screwed me up for a long time, when I first started learning IPTables. I'd try one GUI app, and if it didn't work, I'd try another, not realizing that the rules for the first app were still running in RAM and messing with my new rules. Since many of the firewall GUIs do the exact same things in different ways, you can't always know which one is doing what to your rules. That's why I went to Shorewall. It's a bit more complex than most, but that's because of its flexibility.
I saw the other posts on the list about using Squid, etc., and while I have managed to get it working like that, I finally gave up on it, because it was too complex to troubleshoot later. You probably know as well as I do that once it's all working, it usually works fine for a long time.
6 or 8 months later when you go back to Squid to fix something, you basically have to re-learn it all over again. If your squid configs are complicated, and you're under pressure to get it up and running again, this can be a big problem, especially when your boss is looking over your shoulder!
I find that running 3 NICs and 2 subnets allows me greater flexibility, and I can add one rule for the entire subnet, instead of adding a rule for an IP address or for a range of IP addresses. This also makes other troubleshooting easier.
If you decide to go with Shorewall and the 3 NIC scenario that I mentioned, you'll need to run those 2 commands I mentioned, and delete the "iptables" file in the "/etc/sysconfig" folder before accessing the webmin module of Shorewall. If it's not there (sometimes it can be left in place, even if you shut down your old firewall), then you can go ahead with configuring Shorewall in webmin.
Let me know if you need any help.
Lanman
Very true, my squid is already malfunctioning. But I will temporarily use a transparent proxy just to learn. In the meantime I should see success with help.
Thanks
Varun
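The three-NIC Shorewall layout Lanman describes above (LTSP and MyLan may both reach the firewall host, only MyLan reaches the Internet and is masqueraded, LTSP to Internet is dropped), written out as Shorewall configuration files. This is an added example, not code from the thread; the zone names ltsp, mylan, net and the eth0/eth1/eth2 mapping follow the posts, while the shell wrapper that writes the files into a chosen directory, the dhcp option on eth1 (assuming the LTSP server hands out addresses there) and current Shorewall file syntax are my assumptions.

```shell
#!/bin/sh
# Write the four Shorewall files for the three-NIC layout into a directory
# (default /etc/shorewall). Run `shorewall check` before `shorewall restart`.
write_shorewall_config() {
    dir="${1:-/etc/shorewall}"
    mkdir -p "$dir"

    # zones: fw is the firewall host itself ("FW" in the posts)
    cat > "$dir/zones" <<'EOF'
#ZONE   TYPE
fw      firewall
net     ipv4
ltsp    ipv4
mylan   ipv4
EOF

    # interfaces: which NIC belongs to which zone
    cat > "$dir/interfaces" <<'EOF'
?FORMAT 2
#ZONE   INTERFACE   OPTIONS
net     eth0        tcpflags,nosmurfs,routefilter
ltsp    eth1        dhcp
mylan   eth2        -
EOF

    # policy: the four rules from the post; first match wins, and the
    # closing "all all REJECT" refuses anything not listed. The post opens
    # ltsp->$FW fully; listing only the thin-client services (DHCP, TFTP,
    # NFS, XDMCP) in the rules file instead would be the tighter option.
    cat > "$dir/policy" <<'EOF'
#SOURCE DEST    POLICY  LOGLEVEL
ltsp    $FW     ACCEPT
mylan   $FW     ACCEPT
mylan   net     ACCEPT
ltsp    net     DROP    info
$FW     all     ACCEPT
net     all     DROP    info
all     all     REJECT  info
EOF

    # masq (newer Shorewall releases use the snat file): NAT only eth2
    # (MyLan) out of eth0. eth1 is deliberately absent, so LTSP hosts stay
    # unreachable from the Internet side even without the DROP policy.
    cat > "$dir/masq" <<'EOF'
#INTERFACE  SOURCE
eth0        eth2
EOF
}

# Pass a scratch directory to inspect the output without touching /etc/shorewall.
if [ $# -gt 0 ]; then write_shorewall_config "$1"; fi
```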
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net