[K12OSN] Re: K12OSN Digest, Vol 28, Issue 6

[pogson]

It is possible to set up a firewall right on the LTSP server. I
routinely use a 100 mb/s NIC to connect to the ISP, and a gigabit/s NIC
to connect to the switch on the LTSP LAN. You could install a third NIC
to connect to the rest of the school running other OS's to give them
more freedom. You can back up the firewall with dansguardian. I put
squid, dansguardian, local apache, php, mysql, dhcpd, local BIND, on the
server. Having many of these services on the server is faster and
simpler to configure. There is slightly more security in having a
separate firewall/filter, but it has not been necessary in my
experience. I have mostly worked in smaller schools. The bigger the cost
of a failure, the more paranoia pays. My server has run for months in
systems where that other OS needed protection from a Linux firewall and
still my system was ten times more reliable.

> I think a key piece, at least in terms of protecting the server from
> bad guys on the 
> internet, is that you have a firewall--that is, a separate
> box--between the LTSP box and 
> the internet.  With the firewall, you can control what, if any,
> connections from the 
> outside world can even get to the LTSP server.

-- 
A problem is an opportunity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/k12osn/attachments/20060605/7b410fae/attachment.htm>