Re: [K12OSN] NAT and connections through it.

Doug Simpson wrote:
These are not thin clients. . .
It is a lab of computers. An E.A.S.T. lab to be specific, so they pretty much have full rein over them. I put the NAT in there so that when they get virus infected, I can shell into the server that runs NAT and stop NAT and they are isolated. . . just that fast.

Now, I need to be able to let them talk to a virus server out on the rest of the network for updates and etc. . .

Thanks for the reply!

If you are running the old k12ltsp you should have an init script in /etc/init.d/nat
so that
  service nat start
will enable nat,
  service nat stop
will stop it.

If you don't have this file, it basically does:
        modprobe iptable_nat
        iptables -t nat -A POSTROUTING -o $PUBLIC_ETHERNET -j MASQUERADE
        echo 1 > /proc/sys/net/ipv4/ip_forward

$PUBLIC_ETHERNET is set somewhere as the 'outside' interface and normally would be eth1. If you want to restrict it to a specific outside address, you could add a -d nn.nn.nn.nn to the iptables line.

Or, you could configure the clients to use a squid proxy instead of giving them any direct access.

  Les Mikesell
   lesmikesell gmail com
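
The start/stop steps described above with the `-d` restriction applied, as an added example (not the k12ltsp init script and not code from this thread). `AV_SERVER`, its 192.0.2.10 placeholder value, the `DRY_RUN` switch and the FORWARD rules are assumptions added here; the FORWARD rules are included because `-d` on the MASQUERADE line limits address translation only, while the kernel still routes other packets once ip_forward is 1.

```shell
#!/bin/sh
# Added example, not the k12ltsp init script. Assumed values; replace with yours.
PUBLIC_ETHERNET="${PUBLIC_ETHERNET:-eth1}"  # 'outside' interface, as in the post
AV_SERVER="${AV_SERVER:-192.0.2.10}"        # constructed placeholder address
DRY_RUN="${DRY_RUN:-1}"                     # 1 = only print the commands

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Accept only a plain dotted quad, so the value is safe to hand to iptables -d.
valid_ipv4() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

nat_start() {
    valid_ipv4 "$AV_SERVER" || { echo "bad AV_SERVER: $AV_SERVER" >&2; return 1; }
    run modprobe iptable_nat
    # Masquerade only traffic bound for the update server (the -d suggestion).
    run iptables -t nat -A POSTROUTING -o "$PUBLIC_ETHERNET" -d "$AV_SERVER" -j MASQUERADE
    # -d above limits NAT, not routing: also refuse to forward anything else out.
    run iptables -A FORWARD -o "$PUBLIC_ETHERNET" -d "$AV_SERVER" -j ACCEPT
    run iptables -A FORWARD -o "$PUBLIC_ETHERNET" -j DROP
    run sysctl -w net.ipv4.ip_forward=1
}

nat_stop() {
    # Forwarding off first: the lab is cut off before rule cleanup starts.
    run sysctl -w net.ipv4.ip_forward=0
    run iptables -t nat -D POSTROUTING -o "$PUBLIC_ETHERNET" -d "$AV_SERVER" -j MASQUERADE
    run iptables -D FORWARD -o "$PUBLIC_ETHERNET" -d "$AV_SERVER" -j ACCEPT
    run iptables -D FORWARD -o "$PUBLIC_ETHERNET" -j DROP
}

# Same start/stop interface as 'service nat start|stop'.
case "${1:-}" in
    start) nat_start ;;
    stop)  nat_stop ;;
esac
```

Run it with `DRY_RUN=0` as root to apply the rules; the default only prints them for review.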

