[K12OSN] NAT and connections through it.

Doug Simpson simpsond at leopards.k12.ar.us
Tue Feb 3 13:01:28 UTC 2009

Thanks for your reply. . .

I know how to turn nat on and off. . . my question is how to let them access a computer outside the NAT.

Will read over what you sent again and see if I can make heads or tails out of it. . .

Squid didn't do it. . . unless I didn't do it right. . .

Doesn't squid only do web proxying?

Thanks again for your reply.


Doug Simpson
Technology Specialist
De Queen Public Schools
De Queen, AR
simpsond at leopards.k12.ar.us
"A Dollar Saved is a Dollar Earned"

>>> Les Mikesell <lesmikesell at gmail.com> 2/2/2009 2:28 PM >>>
Doug Simpson wrote:
> These are not thin clients. . .
> It is a lab of computers. An E.A.S.T. lab to be specific, so they pretty much have full reign over them. I put the NAT in there so that when they get virus infected, I can shell into the server that runs NAT and stop NAT and they are isolated. . . just that fast.
> Now, I need to be able to let them talk to a virus server out on the rest of the network for updates and etc. . .
> Thanks for the reply!

If you are running the old k12ltsp you should have an init script in 
so that
   service nat start
will enable nat,
   service nat stop
will stop it.

If you don't have this file, it basically does:
         modprobe iptable_nat
         iptables -t nat -A POSTROUTING -o $PUBLIC_ETHERNET -j MASQUERADE
         echo 1 > /proc/sys/net/ipv4/ip_forward

$PUBLIC_ETHERNET is set somewhere as the 'outside' interface and 
normally would be eth1.  If you want to restrict it to a specific 
outside address, you could add a -d nn.nn.nn.nn to the iptables line.

Or, you could configure the clients to use a squid proxy instead of 
giving them any direct access.

   Les Mikesell
    lesmikesell at gmail.com 

K12OSN mailing list
K12OSN at redhat.com 
For more info see <http://www.k12os.org>
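
Added example, not part of the thread and not the k12ltsp nat script: the "-d nn.nn.nn.nn" restriction suggested above, written out as a rule set that lets the lab reach one outside host only. The interface names (eth1 outside, eth0 lab), the address 192.0.2.10 (a constructed placeholder for the antivirus update server) and the function names are assumptions. By default the script only prints the commands for review.

```shell
#!/bin/sh
# Added example. Prints, and does not run, the iptables commands for a NAT
# box that lets lab clients reach exactly one outside host.

valid_ipv4() {
    # Accept only a dotted quad with every octet in 0-255.
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

nat_allow_rules() {
    # $1 = outside interface, $2 = lab interface, $3 = the one allowed host
    pub_if=$1 lan_if=$2 dest=$3
    valid_ipv4 "$dest" || { echo "bad destination address: $dest" >&2; return 1; }
    # -d on the MASQUERADE rule only limits which traffic gets translated.
    # With ip_forward on, other packets are still routed (untranslated), so
    # the FORWARD chain is set to drop everything except the allowed host
    # and the replies coming back from it.
    cat <<EOF
modprobe iptable_nat
iptables -t nat -A POSTROUTING -o $pub_if -d $dest -j MASQUERADE
iptables -P FORWARD DROP
iptables -A FORWARD -i $lan_if -o $pub_if -d $dest -j ACCEPT
iptables -A FORWARD -i $pub_if -o $lan_if -s $dest -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Constructed sample values; review the output before running it as root.
nat_allow_rules eth1 eth0 192.0.2.10
```

The printed commands append rules, so run them on a clean table or flush the old MASQUERADE rule first.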
