[K12OSN] K12LTSP server won't give non-terminals web access
Eric Harrison
eharrison at mail.mesd.k12.or.us
Wed Nov 29 17:50:12 UTC 2006
David D. Nelson wrote:
> I was trying to troubleshoot a problem of a dropped
> internet connection from my K12LTSP server so I
> temporarally turned off the firewall using the
> security GUI applet. When I re-enabled the firewall I
> lost the ability for workstations (not terminals) to
> connect to the internet. When I turn on squid and
> redirect the workstations to use the proxy they are
> always denied access. I decided to rebuild the server
> with K12LTSP 6b7 and I find that workstations still
> don't have access to the internet. The server is the
> gateway and dhcp for the network.
All of the IPTables manipulation specific to K12LTSP is setup as
services. There is nat (Network Address Translation), iptables-k12ltsp
(permit all traffic on eth0, where the terminals are), and
transparent-proxying (redirect web traffic to squid/squidGuard).
If you have the default setup (terminals on eth0, network/internet
access on eth1), you can just make sure that these services are enabled
and started. Such as:
/sbin/chkconfig nat on
/sbin/service nat restart
/sbin/chkconfig iptables-k12ltsp on
/sbin/service iptables-k12ltsp restart
/sbin/chkconfig transparent-proxying on
/sbin/service transparent-proxying restart
> What do I need to change and where do I look to change
> it. Also, I need some direction on where I can find a
> relatively simple guide to firewall settings and how
> to securely set up a mail server and web server on my
> K12LTSP box unless it would be best to dedicate
> another computer to the job. No more than 10
> terminals/workstations are on this network.
>
> Thank you.
>
>
The simplest is to use the built-in tool:
System -> Administration -> Security Level and Firewall
If you reload the firewall, be sure to restart nat, iptables-k12ltsp,
and/or transparent-proxying.
-Eric
More information about the K12OSN
mailing list