PDA

View Full Version : LTSP and Internet Access



dwyman
21st March 2005, 02:29 PM
I have setup LTSP in a lab environment and have clients successfully connecting to the Server and establishing sessions. I am using two NICs, eth0 and eth1. eth1 is connected the Internet via a DSL modem and Netgear Router.

When eth0 is connected to the Netgear Router and only eth0; can I access the Internet. However when I try to use eth1 for the LTSP Client side the clients cannot connect.

It seems as if both LTSP and the Internet access must use eth0 to work but as I said as soon as I use eth0 for LTSP Clients, both the Server itself and the clients are unable to connect to the internet.

Can anyone suggest what I may be doing incorrectly?????

homey
21st March 2005, 05:53 PM
eth1 is connected the Internet via a DSL modem and Netgear Router
The way my home network is setup is this.
Cable/DSL modem -->> eth1 of my server ## note: this is the firewall side
eth0 of my server -->> hub/switch ## this is the local network side
All clients are connected to the hub

Fedora has a nice utility from the command: system-config-securitylevel
from there, you can set eth0 as a trusted device.

dwyman
21st March 2005, 08:20 PM
Thanks for the reply. I will definitely give that a try!!! Some doco I have read also indicates that IP-Tables and Masquerading may also need to be configured.

I am assuming that you are also using Private IP-Addressing on the local network side for your clients.

homey
22nd March 2005, 03:46 AM
Yes, I have an iptables script, modified abit from one I found by googling. These are the basic parts...

EXT="eth1"
$IPTABLES -F
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
$IPTABLES -t nat -A POSTROUTING -o $EXT -j MASQUERADE
$IPTABLES -A FORWARD -i $EXT -m state --state NEW,INVALID -j DROP
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT -s 192.168.0.0/24 -d 0/0 -p all -j ACCEPT

If you are unable or unwilling to fix up the iptables, the program called firestarter is a good way to go.

I also have my server setup to pass out addresses to the clients with dhcp.

dwyman
22nd March 2005, 05:53 PM
All set any very happy!!! Thanks for assisting!!!