gutsy and regular PCs on edubuntu lan

R. Scott Belford scott at hosef.org
Wed Oct 31 18:50:49 GMT 2007


David Van Assche wrote:
> Hi,
>    I recently reinstalled my server system to 64bit so I have recent
> knowledge of what needs to be modified to make a 2nic setup work with normal
> and thin client computers being able to get internet access. I'll paste my
> setup files here:
> 
> /etc/network/interfaces:
> 
> auto lo
> iface lo inet loopback
> 
> # The primary network interface
> auto eth0
> iface eth0 inet static
>         address 192.168.1.42
>         netmask 255.255.255.0
>         network 192.168.1.0
>         broadcast 192.168.1.255
>         gateway 192.168.1.1
>         # dns-* options are implemented by the resolvconf package, if installed
>         dns-nameservers 192.168.1.1 80.58.61.250
> 
> auto eth1
> iface eth1 inet static
>     address 192.168.0.254
>     netmask 255.255.255.0
>     network 192.168.0.0
>     broadcast 192.168.0.255
>     up iptables-restore < /etc/ltsp/nat.conf

Unless I am totally missing something, you do not need shorewall to 
masquerade for you.  That is what running

sudo iptables --table nat --append POSTROUTING --jump MASQUERADE --source 192.168.0.0/24

followed by

sudo sh -c 'iptables-save > /etc/ltsp/nat.conf'

and then appending

up iptables-restore < /etc/ltsp/nat.conf

to your /etc/network/interfaces does. (1)

I have definitely set up dual-nic edubuntu labs that serve regular PCs 
on the LAN multiple times these past few weeks.  The one *additional* 
step that I have to perform is changing my /etc/ltsp/dhcpd.conf file to 
make the Edubuntu box the gateway

option routers 192.168.0.254;

> 
> Then I simply followed the thinclienthowtonat file in the edubuntu wikis...
> Finally, and perhaps this is where there are issues from other people, I set
> up shorewall to masquerade from eth0 to eth1... by setting up a file called
> "masq" containing the following:
> 
> #####################################################################
> #INTERFACE              SUBNET          ADDRESS         PROTO   PORT(S) IPSEC
> eth0                    eth1
> #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
> 
> Of course you should probably set up your rules and all that, but there are
> some good examples on shorewall's site and various howto pages on the net.
> In any case, with that you will get it working with 2 nics guaranteed...
> Setting up a local dns server will also improve connection times drastically
> in the normal client computers...

Putting shorewall, squidguard, denyhosts, dhcpd, nagios, and 
dansguardian on a gateway router box is a good use for shorewall and can 
easily integrate webmin.  This is how we protect our setups in City parks.


> 
> Kind Regards,
> David Van Assche

--scott

(1) https://wiki.edubuntu.org/ThinClientHowtoNAT?highlight=%28nat%29
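
The shell function below is an added example, not part of the original post or the Edubuntu wiki: it audits the three files touched by the procedure above (the saved NAT ruleset, /etc/network/interfaces and /etc/ltsp/dhcpd.conf). The function name, the SUBNET and GATEWAY variables and the FAIL/WARN output format are assumptions made for the example; the addresses and default paths are the ones used in the thread.

```shell
#!/bin/sh
# Added example: audit the files touched by the NAT procedure in this thread.
# SUBNET and GATEWAY are the values used in the post; file arguments default
# to the paths named there. Assumes iptables-save writes the source in CIDR form.
SUBNET='192.168.0.0/24'
GATEWAY='192.168.0.254'

check_nat_setup() {
    nat=${1:-/etc/ltsp/nat.conf}
    ifaces=${2:-/etc/network/interfaces}
    dhcpd=${3:-/etc/ltsp/dhcpd.conf}
    rc=0

    # 1. The saved ruleset must masquerade the thin-client subnet.
    masq=$(grep -E -- '^-A POSTROUTING .*-j MASQUERADE' "$nat" || true)
    if ! printf '%s\n' "$masq" | grep -Fq -- "-s $SUBNET "; then
        echo "FAIL: no MASQUERADE rule for $SUBNET in $nat"; rc=1
    fi
    # A rule with neither a source (-s) nor an out-interface (-o) match
    # applies to all traffic leaving the box, not just the client subnet.
    if printf '%s\n' "$masq" | grep -Ev -- ' (-s|-o) ' | grep -q MASQUERADE; then
        echo "WARN: unscoped MASQUERADE rule in $nat"
    fi

    # 2. The ruleset must be reloaded when the interface comes up.
    if ! grep -Eq '^[[:space:]]*up[[:space:]]+iptables-restore[[:space:]]*<' "$ifaces"; then
        echo "FAIL: no 'up iptables-restore <' line in $ifaces"; rc=1
    fi

    # 3. DHCP must hand clients the server's LAN address as their gateway.
    gw_re=$(printf '%s' "$GATEWAY" | sed 's/\./\\./g')
    if ! grep -Eq "^[[:space:]]*option[[:space:]]+routers[[:space:]]+$gw_re;" "$dhcpd"; then
        echo "FAIL: 'option routers $GATEWAY;' not found in $dhcpd"; rc=1
    fi

    return $rc
}
```

Called with no arguments, check_nat_setup reads the live files; it returns non-zero if any FAIL line was printed.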


