[K12OSN] Blocked net access

Eric Harrison eharrison at mail.mesd.k12.or.us
Fri Jan 12 17:35:10 UTC 2007


David Whitmer wrote:
> On 1/12/07, Les Mikesell <les at futuresource.com> wrote:
>>
>> I think the script and setup tries to automatically determine that you
>> have a 2-NIC
>> configuration and only activates NAT for that case.  Having eth0 down
>> must make
>> it look like a single NIC setup.
>>
>> -- 
>>  Les Mikesell
>>   les at futuresource.com
>>
> 
> hmmm...
> 
> We're running 4 K12LTSP servers at our schools.  On all but one
> routing has always worked perfectly for any Windows PCs connected to
> the "internal" subnet.  The server this has never worked on, though,
> is one where I know for sure I did not have either NIC (it has two)
> connected during the K12LTSP installation.
> 
> Perhaps my problem is that, since the NICs weren't connected during
> the installation and setup, that the setup didn't think it needed to
> configure & activate NAT?


The nat service is pretty simple. If you strip it down, this is all it does:

        PUBLIC_ETHERNET="eth1"
        iptables -t nat -A POSTROUTING -o $PUBLIC_ETHERNET -j MASQUERADE
        echo 1 > /proc/sys/net/ipv4/ip_forward


It doesn't care if the interface is up or down, what the ip address is,
etc, etc. The only configurable item is the interface that is nat'd.

If your public interface is on something other than eth1, edit
/etc/init.d/nat and change the "PUBLIC_ETHERNET=" line.


-Eric




More information about the K12OSN mailing list