[K12OSN] NAT and connections through it.
Les Mikesell
lesmikesell at gmail.com
Mon Feb 2 20:28:00 UTC 2009
Doug Simpson wrote:
> These are not thin clients. . .
> It is a lab of computers. An E.A.S.T. lab to be specific, so they pretty much have full rein over them. I put the NAT in there so that when they get virus infected, I can shell into the server that runs NAT and stop NAT and they are isolated. . . just that fast.
>
> Now, I need to be able to let them talk to a virus server out on the rest of the network for updates and etc. . .
>
> Thanks for the reply!
>
If you are running the old k12ltsp you should have an init script in
/etc/init.d/nat so that
    service nat start
will enable nat,
    service nat stop
will stop it.

If you don't have this file, it basically does:
    modprobe iptable_nat
    iptables -t nat -A POSTROUTING -o $PUBLIC_ETHERNET -j MASQUERADE
    echo 1 > /proc/sys/net/ipv4/ip_forward

$PUBLIC_ETHERNET is set somewhere as the 'outside' interface and
normally would be eth1. If you want to restrict it to a specific
outside address, you could add a -d nn.nn.nn.nn to the iptables line.
Or, you could configure the clients to use a squid proxy instead of
giving them any direct access.
--
Les Mikesell
lesmikesell at gmail.com
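
The start/stop behaviour and the -d restriction described in the message above, as an added example that is not part of the original post or of the k12ltsp init script. Assumptions: eth0 is the lab-side interface, 192.0.2.10 is a placeholder for the update server, sysctl stands in for the echo into /proc, and the FORWARD rules and address check are additions, since -d on the MASQUERADE rule only chooses which traffic is translated and does not stop other traffic from being forwarded.

```shell
#!/bin/sh
# Added example (not from the original message). Assumed values are marked.
PUBLIC_ETHERNET=${PUBLIC_ETHERNET-eth1}    # 'outside' interface, as in the post
LAB_ETHERNET=${LAB_ETHERNET-eth0}          # assumed 'inside' (lab) interface
UPDATE_SERVER=${UPDATE_SERVER-192.0.2.10}  # placeholder address (TEST-NET-1)
RUN=${RUN-echo}   # dry run by default; export RUN= (empty) as root to apply

# Accept only a dotted quad with octets 0-255, so nothing else reaches iptables.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# $1 is -A to add the rules or -D to delete the same rules again.
apply_rules() {
    # Masquerade only traffic bound for the update server (the -d option).
    $RUN iptables -t nat "$1" POSTROUTING -o "$PUBLIC_ETHERNET" \
        -d "$UPDATE_SERVER" -j MASQUERADE
    # -d above only selects what is translated, so filter forwarding as well.
    $RUN iptables "$1" FORWARD -i "$LAB_ETHERNET" -o "$PUBLIC_ETHERNET" \
        -d "$UPDATE_SERVER" -j ACCEPT
    $RUN iptables "$1" FORWARD -i "$PUBLIC_ETHERNET" -o "$LAB_ETHERNET" \
        -s "$UPDATE_SERVER" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $RUN iptables "$1" FORWARD -i "$LAB_ETHERNET" -j DROP
}

nat_start() {
    valid_ipv4 "$UPDATE_SERVER" || { echo "bad UPDATE_SERVER" >&2; return 1; }
    $RUN modprobe iptable_nat
    apply_rules -A
    $RUN sysctl -w net.ipv4.ip_forward=1   # same effect as the echo 1 > /proc line
}

nat_stop() {
    # Cut routing first so the lab is isolated at once, then remove the rules.
    $RUN sysctl -w net.ipv4.ip_forward=0
    apply_rules -D
}

case ${1-} in
    start) nat_start ;;
    stop)  nat_stop ;;
esac
```

Run with no RUN override, the script only prints the commands it would execute, so the rule set can be reviewed before it is applied.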