[K12OSN] Fedora 2 vs WB3 or RHE3 and old proxy by-pass prob

Jim Christiansen christiansen_j at hotmail.com
Thu Jun 3 15:13:29 UTC 2004 

I've finally had a chance to move my twin mp box to Fedora 2.  The system 
seems equally perky with the 2.6.5 kernel as the former Debian with a 
similar 2.6 kernel.

How many are now using the RHE3 or WB3 for K12LTSP?

Does anyone know how this new kernel will perform on a K12LTSP server?  I 
routinely use my server at home to test things out before going to school...

Also, when the kernel image loads on the clients, is there any reason to 
think about moving along a new kernel based on the 2.6 line to the clients?

As the school year is coming to a close I'm looking to make some changes...  
Get rid of StarOffice7 for the default OO.  Install Firefox instead of 
Mozilla, and install VariCad- that I just purchased an unlimited site 
licence for with free future updates!

The questions that I had about the IPCop/Mozilla proxy being bypassed have 
been solved by only allowing proxy traffic through a defined port in 
iptables.  If anyone wants to know how I did this, please drop me a line.  
Oh, heck...scp /home2/ipcop-252/rc.local.proxy-252 jim at home:
jim at home's password:
rc.local.proxy-252                            100% 3456    35.8MB/s   00:00
GREEN=eth0

# ports:
#       20,21           ftp
#       22              ssh
#       25              smtp
#       53              dns
#       80,443          web
#       123             ntpd
#       445             https: ipcop
#       11371           GNU GPG
#       445             IPCop external https connection

ALLOW_TCP_OUT="20 21 22 25 53 80 85 113 123 443 445 8800 11371"
ALLOW_UDP_OUT="20 21 22 25 53 80 85 123 443 445 8800"

for i in $ALLOW_TCP_OUT ; do
       /sbin/iptables -A CUSTOMFORWARD -i $GREEN -p tcp --dport $i -j ACCEPT
done

for i in $ALLOW_UDP_OUT ; do
       /sbin/iptables -A CUSTOMFORWARD -i $GREEN -p udp --dport $i -j ACCEPT
done

######## Second: These need to be open to allow outgoing
# data for specific incoming protocols

ALLOW_TCP_SOURCE="22 110 143"
ALLOW_UDP_SOURCE="22 110 143"

for i in $ALLOW_TCP_SOURCE ; do
       /sbin/iptables -A CUSTOMFORWARD -i $GREEN -p tcp --sport $i -j ACCEPT
done

for i in $ALLOW_UDP_SOURCE ; do
       /sbin/iptables -A CUSTOMFORWARD -i $GREEN -p udp --sport $i -j ACCEPT
done

Thanks to Richard Thomas for the above.  This goes in rc.local.

Jim

_________________________________________________________________
Add photos to your e-mail with MSN Premium. Get 2 months FREE*  
http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU=http://hotmail.com/enca&HL=Market_MSNIS_Taglines

More information about the K12OSN mailing list