gutsy and regular PCs on edubuntu lan
R. Scott Belford
scott at hosef.org
Wed Oct 31 18:50:49 GMT 2007
David Van Assche wrote:
> Hi,
> I recently reinstalled my server system to 64bit so I have recent
> knowledge of what needs to be modified to make a 2nic setup work with normal
> and thin client computers being able to get internet access. I'll paste my
> setup files here:
>
> /etc/network/interfaces:
>
> auto lo
> iface lo inet loopback
>
> # The primary network interface
> auto eth0
> iface eth0 inet static
> address 192.168.1.42
> netmask 255.255.255.0
> network 192.168.1.0
> broadcast 192.168.1.255
> gateway 192.168.1.1
> # dns-* options are implemented by the resolvconf package, if installed
> dns-nameservers 192.168.1.1 80.58.61.250
>
> auto eth1
> iface eth1 inet static
> address 192.168.0.254
> netmask 255.255.255.0
> network 192.168.0.0
> broadcast 192.168.0.255
> up iptables-restore < /etc/ltsp/nat.conf

Unless I am totally missing something, you do not need shorewall to
masquerade for you. That is what running

    sudo iptables --table nat --append POSTROUTING --jump MASQUERADE --source 192.168.0.0/24

followed by

    sudo sh -c 'iptables-save > /etc/ltsp/nat.conf'

and then appending

    up iptables-restore < /etc/ltsp/nat.conf

to your /etc/network/interfaces does. (1)

I have definitely set up dual-nic edubuntu labs that serve regular PCs
on the LAN multiple times these past few weeks. The one *additional*
step that I have to perform is changing my /etc/ltsp/dhcpd.conf file to
make the Edubuntu box the gateway

    option routers 192.168.0.254;

>
> Then I simply followed the thinclienthowtonat file in the edubuntu wikis...
> Finally, and perhaps this is where there are issues from other people, I set
> up shorewall to masquerade from eth0 to eth1... by setting up a file called
> "masq" containing the following:
>
> #####################################################################
> #INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC
> eth0 eth1
> #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
>
> Of course you should probably set up your rules and all that, but there are
> some good examples on shorewall's site and various howto pages on the net.
> In any case, with that you will get it working with 2 nics guaranteed...
> Setting up a local dns server will also improve connection times drastically
> in the normal client computers...

Putting shorewall, squidguard, denyhosts, dhcpd, nagios, and
dansguardian on a gateway router box is a good use for shorewall and can
easily integrate webmin. This is how we protect our setups in City parks.

>
> Kind Regards,
> David Van Assche

--scott

(1) https://wiki.edubuntu.org/ThinClientHowtoNAT?highlight=%28nat%29
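
The three pieces of the setup discussed in this thread (a scoped MASQUERADE rule, the restore hook on eth1, and the DHCP gateway option) can be checked for consistency. This is an added example, not part of the original messages; the function names and the sample files are constructed, and the sample ruleset assumes iptables-save prints the source in CIDR form.

```shell
#!/bin/sh
# Added example: consistency checks for the dual-NIC NAT setup in this thread.
# Function names and sample files are constructed for illustration.

# Print POSTROUTING MASQUERADE rules that name neither a source nor an out-interface.
unscoped_masq() {
    grep -E -- '^-A POSTROUTING .*-j MASQUERADE' "$1" | grep -Ev -- ' (-s|-o) ' || true
}

# Succeed if the stanza for iface $2 in file $1 restores ruleset $3 on "up".
restore_hooked() {
    awk -v ifc="$2" -v rs="$3" '
        $1 == "iface" { cur = $2 }
        cur == ifc && $1 == "up" && $2 == "iptables-restore" && $NF == rs { ok = 1 }
        END { exit ok ? 0 : 1 }' "$1"
}

# Print the static address configured for iface $2 in file $1.
iface_address() {
    awk -v ifc="$2" '$1 == "iface" { cur = $2 }
        cur == ifc && $1 == "address" { print $2; exit }' "$1"
}

# Print the first "option routers" value in dhcpd.conf-style file $1.
dhcp_router() {
    awk '$1 == "option" && $2 == "routers" { sub(/;$/, "", $3); print $3; exit }' "$1"
}

# Constructed sample files mirroring the values quoted in the thread.
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/interfaces" <<'EOF'
auto eth1
iface eth1 inet static
address 192.168.0.254
netmask 255.255.255.0
up iptables-restore < /etc/ltsp/nat.conf
EOF
cat > "$SAMPLE/nat.conf" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
COMMIT
EOF
printf 'option routers 192.168.0.254;\n' > "$SAMPLE/dhcpd.conf"

[ -z "$(unscoped_masq "$SAMPLE/nat.conf")" ] && echo "masquerade rules are scoped"
restore_hooked "$SAMPLE/interfaces" eth1 /etc/ltsp/nat.conf && echo "restore hook present on eth1"
[ "$(iface_address "$SAMPLE/interfaces" eth1)" = "$(dhcp_router "$SAMPLE/dhcpd.conf")" ] \
    && echo "DHCP gateway matches eth1 address"
```

A MASQUERADE rule with no source or out-interface rewrites every forwarded packet, so an empty result from unscoped_masq is the outcome to look for.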