[K12OSN] NAT and connections through it.

[Doug Simpson]

Thanks for your reply. . .

I know how to turn nat on and off. . . my question is how to let them access a computer outside the NAT.

Will read over what you sent again and see if I can make heads or tails out of it. . .

Squid didn't do it. . . unless I didn't do it right. . .

Doesn't squid only to web proxying?

Thanks again for your reply.

Doug

Doug Simpson
Technology Specialist
De Queen Public Schools
De Queen, AR
simpsond at leopards.k12.ar.us
"A Dollar Saved is a Dollar Earned"


>>> Les Mikesell <lesmikesell at gmail.com> 2/2/2009 2:28 PM >>>
Doug Simpson wrote:
> These are not thin clients. . .
> It is a lab of computers. An E.A.S.T. lab to be specific, so they pretty much have full reign over them. I put the NAT in there so that when they get virus innfected, I can shell into the server that runs NAT and stop NAT and they are isolated. . . jsut that fast.
> 
> Now, I need to be able to let them talk to a virus server out on the rest of the network for updates and etc. . .
> 
> Thanks for the reply!
> 

If you are running the old k12ltsp you should have an init script in 
/etc/init.d/nat
so that
   service nat start
will enable nat,
   service nat stop
will stop it.

If you don't have this file, it basically does:
         modprobe iptable_nat
         iptables -t nat -A POSTROUTING -o $PUBLIC_ETHERNET -j MASQUERADE
         echo 1 > /proc/sys/net/ipv4/ip_forward

$PUBLIC_ETHERNET is set somewhere as the 'outside' interface and 
normally would be eth1.  If you want to restrict it to a specific 
outside address, you could add a -d nn.nn.nn.nn to the iptables line.

Or, you could configure the clients to use a squid proxy instead of 
giving them any direct access.

-- 
   Les Mikesell
    lesmikesell at gmail.com 

_______________________________________________
K12OSN mailing list
K12OSN at redhat.com 
https://www.redhat.com/mailman/listinfo/k12osn 
For more info see <http://www.k12os.org>