Presentation and LTSP support request
Gavin McCullagh
gmccullagh at gmail.com
Mon Nov 6 09:03:20 GMT 2006
On Sun, 05 Nov 2006, Daniel J. Summers wrote:
> So the wireless router becomes 192.168.0.1, and you tell the Edubuntu
> server (ES) to use that as the gateway? Interesting... Would the
> wireless connections still work - i.e., they'll connect through the
> router, but get their Internet access through the server (which would
> make the ES a proxy server)?
You're using thin clients, right. This means that your applications are
running on the thin client server and displaying their output windows on
the thin client. So, the thin clients only need direct access to the thin
client server via X11 (and possibly ppd/esd ports for print/sound). When a
thin client launches firefox, it does so direct on the server. All web
requests and responses are between the thin client server and the internet
(through the gateway obviously). This is not a web proxy (though I suppose
it could be argued to be a form of proxying).
Assuming you don't set this up very strangely, the router will set itself
up as 192.168.0.1 and all other machines should be in the range
192.168.0.2-254. If this is the case, all machines can directly contact
each other, your wireless access point (part of the router) just acts as a
hub for that traffic.
> I'd really be interested in that proxy server setup for the school I'm
> setting up, though - I'm sure they don't want wide-open Internet access
> in their classrooms. (And, I understand that with thin clients, most of
> those restrictions would be placed on the user.)
If you want to restrict net access (which the above wouldn't do), you
probably need to set up either an elaborate set of per-ip address
restrictions[1] on the router or set up a web proxy server, block all 'net
access via other machines and apply your restrictions on the proxy. These
restrictions couldn include content filtering (dan's guardian perhaps),
username/passwords for net access and others.
Bear in mind that if you run squid (web proxy) on your thin client server,
that means that machine must have web access -- which means the thin client
users running firefox have web access. Your proxy server would need to be
on a machine other than the one they log into (ie not on the thin client
server)[2].
Gavin
[1] I'm going to assume your students don't know how to change their ip
addresses to get around this.
[2] Using iptables on the server it is possible to say "outward connections
allowed only to the squid process", but this is a little bit complex.
More information about the edubuntu-users
mailing list