[K12OSN] LTSP ,iptables and vnc
"Terrell Prudé Jr."
microman at cmosnetworks.com
Mon Jan 22 18:38:13 UTC 2007
You don't. Remember, the thin client itself isn't going out to the
Internet. The thin client is simply a display station, and everything
is running on the server. So, what you would have to do is block the
*server* from going out to the Internet, specifically, the server's
"outside" IP address.
The approach I would try is putting, for example, an OpenBSD box in
front of that K12LTSP server, and you'd then set up authpf on the
OpenBSD box. Authpf makes you authenticate before being able to go out
past it. But that's kinda complex to do. But unless you're very
comfortable with OpenBSD and its PF rules, I wouldn't go this route.
Another solution, and the one I would actually recommend, is to set up a
second K12LTSP server that you don't allow to go to the Internet (you
can block this server's IP address at your Internet router). Set up a
bank of thin clients, label them "No Internet Access," and hook up these
thin clients to this second K12LTSP server.
--TP
_______________________________
Do you GNU!?
Microsoft Free since 2003 <http://www.gnu.org/>--the ultimate antivirus
protection!
Nataraj S Narayan wrote:
> Hi
>
> How do I use iptables on a LTSP client?
>
> I have NAT machine, which is also the ltsp server.
>
> I mean, i need to block a few thin clients from accessing the Net. Tried
> disabling using the following in the Ltsp server, where 192.168.1.163
> is Ltsp client.
> :-
>
> /sbin/iptables -A FORWARD -s 192.168.1.163 -j DROP
> /sbin/iptables -A FORWARD -d 192.168.1.163 -j DROP
>
> But this doesnt work.
>
> Also, I need to monitor what's going on the client occasionally from a
> remote location. Does vnc server/viewer suit this? Is there any other
> solution?
>
> regards
>
> Nataraj
>
>
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/k12osn/attachments/20070122/d801b972/attachment.htm>
More information about the K12OSN
mailing list