[K12OSN] NAT and connections through it.
Doug Simpson
simpsond at leopards.k12.ar.us
Tue Feb 3 13:01:28 UTC 2009
Thanks for your reply. . .
I know how to turn nat on and off. . . my question is how to let them access a computer outside the NAT.
Will read over what you sent again and see if I can make heads or tails out of it. . .
Squid didn't do it. . . unless I didn't do it right. . .
Doesn't squid only do web proxying?
Thanks again for your reply.
Doug
Doug Simpson
Technology Specialist
De Queen Public Schools
De Queen, AR
simpsond at leopards.k12.ar.us
"A Dollar Saved is a Dollar Earned"
>>> Les Mikesell <lesmikesell at gmail.com> 2/2/2009 2:28 PM >>>
Doug Simpson wrote:
> These are not thin clients. . .
> It is a lab of computers. An E.A.S.T. lab to be specific, so they pretty much have full reign over them. I put the NAT in there so that when they get virus infected, I can shell into the server that runs NAT and stop NAT and they are isolated. . . just that fast.
>
> Now, I need to be able to let them talk to a virus server out on the rest of the network for updates and etc. . .
>
> Thanks for the reply!
>
If you are running the old k12ltsp you should have an init script in
/etc/init.d/nat
so that
    service nat start
will enable nat,
    service nat stop
will stop it.
If you don't have this file, it basically does:
    modprobe iptable_nat
    iptables -t nat -A POSTROUTING -o $PUBLIC_ETHERNET -j MASQUERADE
    echo 1 > /proc/sys/net/ipv4/ip_forward
$PUBLIC_ETHERNET is set somewhere as the 'outside' interface and
normally would be eth1. If you want to restrict it to a specific
outside address, you could add a -d nn.nn.nn.nn to the iptables line.
Or, you could configure the clients to use a squid proxy instead of
giving them any direct access.
--
Les Mikesell
lesmikesell at gmail.com
_______________________________________________
K12OSN mailing list
K12OSN at redhat.com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>
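
Added example, not part of either poster's message: a sketch of the "-d nn.nn.nn.nn" restriction suggested above. It goes one step beyond the thread by also filtering the FORWARD chain, because -d on the MASQUERADE rule only limits which traffic is translated, not which traffic is forwarded. The helper names (valid_ipv4, lab_nat_rules), the interfaces eth0/eth1 and the address 192.0.2.10 are assumptions for illustration.

```shell
#!/bin/sh
# Added example: print a rule set that lets lab clients behind the NAT box
# reach exactly one outside server. All names and addresses are constructed.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the commands; nothing is applied here, so the output can be reviewed.
# $1 = inside (lab) interface, $2 = outside interface, $3 = permitted server
lab_nat_rules() {
    for ifname in "$1" "$2"; do
        case "$ifname" in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifname" >&2; return 1 ;;
        esac
    done
    valid_ipv4 "$3" || { echo "bad server address: $3" >&2; return 1; }
    cat <<EOF
modprobe iptable_nat
iptables -P FORWARD DROP
iptables -A FORWARD -i $1 -o $2 -d $3 -j ACCEPT
iptables -A FORWARD -i $2 -o $1 -s $3 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $2 -d $3 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Example: sh lab-nat.sh eth0 eth1 192.0.2.10
if [ "$#" -eq 3 ]; then
    lab_nat_rules "$@"
fi
```

Review the printed commands before running them as root; the default-drop FORWARD policy blocks every other forwarded flow, so the lab stays cut off from the rest of the network while the one server remains reachable.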