[K12OSN] NAT and connections through it.

Les Mikesell lesmikesell at gmail.com
Mon Feb 2 20:28:00 UTC 2009

Doug Simpson wrote:
> These are not thin clients. . .
> It is a lab of computers. An E.A.S.T. lab to be specific, so they pretty much have full rein over them. I put the NAT in there so that when they get virus infected, I can shell into the server that runs NAT and stop NAT and they are isolated. . . just that fast.
> Now, I need to be able to let them talk to a virus server out on the rest of the network for updates and etc. . .
> Thanks for the reply!

If you are running the old k12ltsp you should have an init script in 
so that
   service nat start
will enable nat,
   service nat stop
will stop it.

If you don't have this file, it basically does:
         modprobe iptable_nat
         iptables -t nat -A POSTROUTING -o $PUBLIC_ETHERNET -j MASQUERADE
         echo 1 > /proc/sys/net/ipv4/ip_forward

$PUBLIC_ETHERNET is set somewhere as the 'outside' interface and 
normally would be eth1.  If you want to restrict it to a specific 
outside address, you could add a -d nn.nn.nn.nn to the iptables line.

Or, you could configure the clients to use a squid proxy instead of 
giving them any direct access.

   Les Mikesell
    lesmikesell at gmail.com
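
Added example, not part of the original message or the k12ltsp init script: a start/stop helper for the restricted variant described above, where NAT is limited with -d to one outside host. The lab-side interface eth0, the placeholder server address 192.0.2.10, the FORWARD rules and the use of sysctl in place of the echo into /proc are assumptions of this sketch. The -d match on the MASQUERADE rule only selects which traffic is translated, so the filter rules do the actual blocking.

```shell
#!/bin/sh
# Added example: NAT start/stop limited to a single outside host.
# Assumed values (not from the original message): eth0 as the lab-side
# interface, 192.0.2.10 (documentation address) as the update server.
PUBLIC_ETHERNET="${PUBLIC_ETHERNET:-eth1}"
LAB_ETHERNET="${LAB_ETHERNET:-eth0}"
UPDATE_SERVER="${UPDATE_SERVER:-192.0.2.10}"

# With DRY_RUN=1 (the default) commands are printed, not executed.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# $1 is -A (add the rules) or -D (delete the same rules again).
# Assumes no earlier FORWARD rule already accepts lab traffic.
nat_rules() {
    # Translate only packets addressed to the update server.
    run iptables -t nat "$1" POSTROUTING -o "$PUBLIC_ETHERNET" \
        -d "$UPDATE_SERVER" -j MASQUERADE
    # Allow lab -> update server, and the replies coming back.
    run iptables "$1" FORWARD -i "$LAB_ETHERNET" -o "$PUBLIC_ETHERNET" \
        -d "$UPDATE_SERVER" -j ACCEPT
    run iptables "$1" FORWARD -i "$PUBLIC_ETHERNET" -o "$LAB_ETHERNET" \
        -s "$UPDATE_SERVER" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Everything else from the lab is dropped rather than forwarded
    # untranslated.
    run iptables "$1" FORWARD -i "$LAB_ETHERNET" -o "$PUBLIC_ETHERNET" -j DROP
}

nat_ctl() {
    case "$1" in
    start)
        run modprobe iptable_nat
        nat_rules -A
        # Enable forwarding last, once the rules are in place.
        run sysctl -w net.ipv4.ip_forward=1
        ;;
    stop)
        # Cut forwarding first so the lab is isolated immediately.
        run sysctl -w net.ipv4.ip_forward=0
        nat_rules -D
        ;;
    *)
        echo "usage: nat_ctl start|stop" >&2
        return 2
        ;;
    esac
}

# Run as a script: DRY_RUN=0 sh nat.sh start   (needs root)
if [ $# -gt 0 ]; then nat_ctl "$@"; fi
```

Run it with the default DRY_RUN=1 first to review the printed commands before applying them as root.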
