[K12OSN] Help with iptables
Brian Chivers
brian at portsmouth-college.ac.uk
Fri Dec 12 11:25:24 UTC 2008
Almquist Burke wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>>>
>>>> I'll try and draw a ASCII diagram, try being the word :-)
>>>>
>>>> Thinclients 10.0.0.x
>>>> |
>>>> |
>>>> Server 10.0.0.1
>>>> 192.168.0.100
>>>> |
>>>> |
>>>> MAIN NETWORK (All servers on 192.168.0.x/16 - Proxy
>>>> 192.168.0.80:8080
>>>> |
>>>> |
>>>> Firewall (Green Network - 192.168.0.2)
>>>> (Orange DMZ - 172.16.0.x)
>>>> (Red - 212.219.x.x)
>>>> |
>>>> |
>>>> CISCO to Internet
>>>>
>
> Do people directly on the main network have to go through the proxy too?
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (Darwin)
>
> iEYEARECAAYFAklB6DMACgkQxWV7OPa/g5HCdwCgilUOn/3u8jr29lrlphBDVeOV
> 8ZEAnjcIkZ9kuEYSQ1qXnP4OfzLjFffI
> =xob4
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
Yes but they're all Windows boxes so they're sorted by the firewall blocking them direct access, the
problem is that the firewall see the traffic coming from the ip address of the thinclient server
192.168.0.100 NOT the thinclients. I could block ALL internet traffic from the thinclient server @
the firewall but don't really want to do that.
Brian
------------------------------------------------------------------------------------------------
The views expressed here are my own and not necessarily
the views of Portsmouth College
More information about the K12OSN
mailing list