[K12OSN] Best solution for Internet access, control, and caching?
Timothy Legge
timlegge at gmail.com
Thu Dec 18 03:26:27 UTC 2008
On Wed, Dec 17, 2008 at 1:54 PM, Joseph Bishay <joseph.bishay at gmail.com> wrote:
> So to make sure I understand your recommendation I would go:
>
> Internet -> SMC Gateway router -> d-link router -> squid/proxy machine
> -> 8-port switch -> LTSP net NIC and the 6 net-only machines
>
> AND
>
> LTSP client NIC -> gigabit switch -> thin clients.
>
> Part of what you said in your email that I didn't understand was when you said:
>
>> (firewall rules applied). Currently all our Windows and Apple
>> computers are in the private network of the LTSP servers with IP
>> forwarding. I currently run DansGuardian with Squid and Squid Guard
> Does this mean that they are running off of the LTSP client NIC? How
> is that possible?
I don't have this with Ubuntu and LTSP 5 (but it should be similar)
but in my older system I simply enabled IP Forwarding in the kernel
options and the LTSP server forwards the internet traffic for the non
LTSP clints. See:
http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/
If the Windows clients get a dhcp address from the LTSP server on the
thin client network they can get to the internet via the LTSP server.
In a two NIC setup with firewall rules applied to the "Internet" nic,
it further protects your clients by moving them further into your
network. Of course, moving Windows clients into that trusted area is
probably not a good idea without a combination of good web filtering,
antivirus and non admin users. My windows systems are mostly servers
so it kind of makes sense.
Tim
More information about the K12OSN
mailing list