[K12OSN] solved--K12LTSP server won't give non-terminals web access

David D. Nelson nelsda at yahoo.com
Wed Dec 6 05:27:56 UTC 2006 

Sorry about the early send.

Any way, I think I found out the problem of
workstations on my internal network not being able to
get access to the internet with a web browser. When I
added things like HTTP to the trusted services I could
get access. But if I wanted the ports to be invisible
to the outside world things wouldn't work. I found
while looking at the Linux Firewall module in Webmin
that only lo was set to accept any traffic but that
eth0 was not. I added a rule to accept any traffic on
eth0 and now my internal workstations get through the
firewall just fine. Was the K12LTSP rule to accept
anything on eth0 supposed to do the same thing?


--- "David D. Nelson" <nelsda at yahoo.com> wrote:

> I tried pinging from a windows workstation and was
> able to ping using the dns hostname. I even tried a
> hostname which I'm shure I have never visited with
> that computer and it worked. When I try to browse I
> get an "Invalid Request" error and then something
> about some aspect of the HTTP request being invalid.
> 
> I have a standard setup of K12LTSP with the LTSP box
> connected to the internet on eth1 and the local
> network on eth0. The server provides dhcp to the
> internal network and routing for any workstations I
> hook to the internal network so they have full
> access
> to the outside world. I want to be able to bring in
> a
> laptop, forexample, and hook it in, let dhcp assign
> the IP and such and let the computer browse the net.
> 
> I followed what Eric suggested below but it still
> doesn't work.
> 
> Any other ideas or do you know of a generic set of
> config files I could compare mine to?
> 
> Thank you.
> 
> 
> --- Jack Palmadesso <jack.palmadesso at gmail.com>
> wrote:
> 
> > try pinging something on the internet via its ip
> > address.  Then try
> > pinging with a dns hostname.  If the ip works but
> > the name does not
> > then your dns settings on the workstations are the
> > problem.
> > 
> > On 12/1/06, Jack Palmadesso
> > <jack.palmadesso at gmail.com> wrote:
> > > Check DNS settings on the Workstations
> > >
> > > On 11/29/06, Eric Harrison
> > <eharrison at mail.mesd.k12.or.us> wrote:
> > > > David D. Nelson wrote:
> > > > > I was trying to troubleshoot a problem of a
> > dropped
> > > > > internet connection from my K12LTSP server
> so
> > I
> > > > > temporarally turned off the firewall using
> the
> > > > > security GUI applet. When I re-enabled the
> > firewall I
> > > > > lost the ability for workstations (not
> > terminals) to
> > > > > connect to the internet. When I turn on
> squid
> > and
> > > > > redirect the workstations to use the proxy
> > they are
> > > > > always denied access. I decided to rebuild
> the
> > server
> > > > > with K12LTSP 6b7 and I find that
> workstations
> > still
> > > > > don't have access to the internet. The
> server
> > is the
> > > > > gateway and dhcp for the network.
> > > >
> > > > All of the IPTables manipulation specific to
> > K12LTSP is setup as
> > > > services. There is nat (Network Address
> > Translation), iptables-k12ltsp
> > > > (permit all traffic on eth0, where the
> terminals
> > are), and
> > > > transparent-proxying (redirect web traffic to
> > squid/squidGuard).
> > > >
> > > > If you have the default setup (terminals on
> > eth0, network/internet
> > > > access on eth1), you can just make sure that
> > these services are enabled
> > > > and started. Such as:
> > > >
> > > >         /sbin/chkconfig nat on
> > > >         /sbin/service nat restart
> > > >
> > > >         /sbin/chkconfig iptables-k12ltsp on
> > > >         /sbin/service iptables-k12ltsp restart
> > > >
> > > >         /sbin/chkconfig transparent-proxying
> on
> > > >         /sbin/service transparent-proxying
> > restart
> > > >
> > > > > What do I need to change and where do I look
> > to change
> > > > > it. Also, I need some direction on where I
> can
> > find a
> > > > > relatively simple guide to firewall settings
> > and how
> > > > > to securely set up a mail server and web
> > server on my
> > > > > K12LTSP box unless it would be best to
> > dedicate
> > > > > another computer to the job. No more than 10
> > > > > terminals/workstations are on this network.
> > > > >
> > > > > Thank you.
> > > > >
> > > > >
> > > >
> > > > The simplest is to use the built-in tool:
> > > >
> > > >         System -> Administration -> Security
> > Level and Firewall
> > > >
> > > > If you reload the firewall, be sure to restart
> > nat, iptables-k12ltsp,
> > > > and/or transparent-proxying.
> > > >
> > > >
> > > > -Eric
> > > >
> > > >
> _______________________________________________
> > > > K12OSN mailing list
> > > > K12OSN at redhat.com
> > > > https://www.redhat.com/mailman/listinfo/k12osn
> > > > For more info see <http://www.k12os.org>
> > > >
> > >
> > 
> > _______________________________________________
> > K12OSN mailing list
> > K12OSN at redhat.com
> > https://www.redhat.com/mailman/listinfo/k12osn
> > For more info see <http://www.k12os.org>
> > 
> 
> 
> David D. Nelson
> nelsda at yahoo.com
> 
> 
>  
>
____________________________________________________________________________________
> Do you Yahoo!?
> Everyone is raving about the all-new Yahoo! Mail
> beta.
> http://new.mail.yahoo.com
> 
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
> 


David D. Nelson
nelsda at yahoo.com


 
____________________________________________________________________________________
Do you Yahoo!?
Everyone is raving about the all-new Yahoo! Mail beta.
http://new.mail.yahoo.com

More information about the K12OSN mailing list