[K12OSN] K12LTSP server won't give non-terminals web access

[Eric Harrison]

David D. Nelson wrote:
> I was trying to troubleshoot a problem of a dropped
> internet connection from my K12LTSP server so I
> temporarally turned off the firewall using the
> security GUI applet. When I re-enabled the firewall I
> lost the ability for workstations (not terminals) to
> connect to the internet. When I turn on squid and
> redirect the workstations to use the proxy they are
> always denied access. I decided to rebuild the server
> with K12LTSP 6b7 and I find that workstations still
> don't have access to the internet. The server is the
> gateway and dhcp for the network. 

All of the IPTables manipulation specific to K12LTSP is setup as
services. There is nat (Network Address Translation), iptables-k12ltsp
(permit all traffic on eth0, where the terminals are), and
transparent-proxying (redirect web traffic to squid/squidGuard).

If you have the default setup (terminals on eth0, network/internet
access on eth1), you can just make sure that these services are enabled
and started. Such as:

	/sbin/chkconfig nat on
	/sbin/service nat restart

	/sbin/chkconfig iptables-k12ltsp on
	/sbin/service iptables-k12ltsp restart

	/sbin/chkconfig transparent-proxying on
	/sbin/service transparent-proxying restart

> What do I need to change and where do I look to change
> it. Also, I need some direction on where I can find a
> relatively simple guide to firewall settings and how
> to securely set up a mail server and web server on my
> K12LTSP box unless it would be best to dedicate
> another computer to the job. No more than 10
> terminals/workstations are on this network.
> 
> Thank you.
> 
> 

The simplest is to use the built-in tool:

	System -> Administration -> Security Level and Firewall

If you reload the firewall, be sure to restart nat, iptables-k12ltsp,
and/or transparent-proxying.


-Eric