[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[K12OSN] Re: K12OSN Digest, Vol 28, Issue 6



It is possible to set up a firewall right on the LTSP server. I routinely use a 100 mb/s NIC to connect to the ISP, and a gigabit/s NIC to connect to the switch on the LTSP LAN. You could install a third NIC to connect to the rest of the school running other OS's to give them more freedom. You can back up the firewall with dansguardian. I put squid, dansguardian, local apache, php, mysql, dhcpd, local BIND, on the server. Having many of these services on the server is faster and simpler to configure. There is slightly more security in having a separate firewall/filter, but it has not been necessary in my experience. I have mostly worked in smaller schools. The bigger the cost of a failure, the more paranoia pays. My server has run for months in systems where that other OS needed protection from a Linux firewall and still my system was ten times more reliable.
I think a key piece, at least in terms of protecting the server from bad guys on the
internet, is that you have a firewall--that is, a separate box--between the LTSP box and
the internet.  With the firewall, you can control what, if any, connections from the
outside world can even get to the LTSP server.
-- 
A problem is an opportunity.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]