Thin Client /etc/hosts entry

Mickey Moore tcamdmoore at yahoo.com
Wed Jan 14 04:26:40 GMT 2009


OK - now I get the picture. I had this exact problem. I can give you two other solutions that I have used. My present solution at my main campus for this private/public network address mapping problem is I run BIND9 on my Ubuntu LTSP. I put it in forward only mode to the real DNS server and create entries for the school domain I have public/private conflicts in. I then change the dhcpd.conf file so LTSP is the DNS server for the clients. 

Second, I have come to use a standalone firewall machine based on PFSense in place of the Linksys router I started with. PFSense has a section where you can override the DNS with static entries. When you give any machine inside your network the address of the PFSense box as DNS server it overrides these static entries and passes the rest on to the real DNS. The PFSense also has a gateway VPN built in which lets me seamlessly connect my other two campuses together. You can actually log in to the PFSense box and run tcpdump to isolate issues both within and outside your network. I discovered a DDOS against my school mail server with this once. It has traffic graphs which show me in and out traffic by time of day. It has firewall logs and state tables which often allow problem resolution without tcpdump. It has proven far more robust and reliable than my Linksys box which I used to have to send someone to the wiring closet to reboot several times a week.

Some samples from my LTSP BIND9 config files follow:

In file /etc/bind/named.conf.options add your ISP DNS server 1 and 2 as below. Note I replaced my ISP's real DNS servers with the xx.xx.xx... entries below

options {
	directory "/var/cache/bind";

	// If there is a firewall between you and nameservers you want
	// to talk to, you might need to uncomment the query-source
	// directive below.  Previous versions of BIND always asked
	// questions using port 53, but BIND 8.1 and later use an unprivileged
	// port by default.

	// query-source address * port 53;

	// If your ISP provided one or more IP addresses for stable 
	// nameservers, you probably want to use them as forwarders.  
	// Uncomment the following block, and insert the addresses replacing 
	// the all-0's placeholder.


	// forwarders {
	// 	0.0.0.0;
	// };

        forward only;
        notify no;
        forwarders {
              xx.xx.xx.20;
              xx.xx.xx.21;
        };
};

In file /etc/bind/named.conf.local, again I replaced my real internet name with xxxxxx.org. Note the 10.0.0 matches my school's private internal address range. You would use your 192.168.... range instead.

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "xxxxxx.org" {
        type master;
        file "/etc/bind/xxxxxx.org";
};
zone "0.0.10.in-addr.arpa" in {
        type master;
        file "/etc/bind/10.0.0";
};

In File /etc/bind/xxxxxx.org where yyyyyyyy and xxxxxx replace my real names

$TTL	43200
@		IN	SOA	yyyyyyyy.xxxxxx.org.	hostmaster.yyyyyyyy.xxxxxx.org. (
			2001043001 ; serial
			1H ; refresh
			15M ; retry
			14D ; expire
			12H ; default_ttl
			)
@		IN	MX	5	mail.xxxxxx.org.
@		IN	NS	yyyyyyyy.xxxxxx.org.
www             IN      A       10.0.0.211
fierylake       IN      A       10.0.0.1
adam            IN      A       10.0.0.4

In File 10.0.0 again yyyyyyyy and xxxxxx replace real names

$TTL    43200
@               IN      SOA     yyyyyyyy.xxxxxx.org. hostmaster.yyyyyyyy.xxxxxx.org. (
                        2001043001 ; serial
                        1H ; refresh
                        15M ; retry
                        14D ; expire
                        12H ; default_ttl
                        )
@               IN      NS      yyyyyyyy.xxxxxx.org.
1		IN	PTR	fierylake.xxxxxx.org.
211             IN      PTR     www.xxxxxx.org.
4               IN      PTR     adam.xxxxxx.org.








--- On Tue, 1/13/09, M Rathburn <stretchem at gmail.com> wrote:

> From: M Rathburn <stretchem at gmail.com>
> Subject: RE: Thin Client /etc/hosts entry
> To: tcamdmoore at yahoo.com
> Date: Tuesday, January 13, 2009, 3:33 PM
> > -----Original Message-----
> > From: edubuntu-users-bounces at lists.ubuntu.com
> > [mailto:edubuntu-users-bounces at lists.ubuntu.com] On Behalf Of
> > Mickey Moore
> > Sent: Tuesday, January 13, 2009 3:01 PM
> > To: 'Edubuntu Users Group'
> > Subject: RE: Thin Client /etc/hosts entry
> >
> > How will you use the DNS names? To ssh into one of the
> > terminals you will first have to ssh into the LTSP which they
> > are connected to. Since you will be creating the session from
> > the LTSP to a client it should be sufficient to have the
> > names in the /etc/hosts file of the LTSP server. You can
> > assign specific IP addresses to specific devices by assigning
> > it via MAC address in the DHCPD.conf on the LTSP. At least it
> > is not clear to me how you would know a specific thin-client
> > name/address ahead of time any other way.
> > 
> > 
> ----------------------------
> 
> Running Firefox as a local app.
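
Added example, not part of the original message: a small consistency check for the override zone pair shown above, run over the records exactly as posted (sample data copied from the message; the function names are hypothetical). It checks that every A record has a matching PTR and the reverse, and flags NS/MX targets inside the overridden domain that have no A record, because BIND answers such names authoritatively from the local zone and does not forward them.

```python
import re
# Constructed sample data: the records from the two zone files in the message.
FORWARD = """\
@               IN      MX      5       mail.xxxxxx.org.
@               IN      NS      yyyyyyyy.xxxxxx.org.
www             IN      A       10.0.0.211
fierylake       IN      A       10.0.0.1
adam            IN      A       10.0.0.4
"""
REVERSE = """\
1               IN      PTR     fierylake.xxxxxx.org.
211             IN      PTR     www.xxxxxx.org.
4               IN      PTR     adam.xxxxxx.org.
"""

def records(text, origin):
    """Yield (fqdn_owner, type, target) for simple one-line 'owner IN type rdata' records."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()          # drop zone-file comments
        m = re.match(r"(\S+)\s+IN\s+(A|PTR|NS|MX)\s+(.+)$", line)
        if not m:
            continue
        owner, rtype, rdata = m.groups()
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"               # relative name: append the zone origin
        yield owner.lower(), rtype, rdata.split()[-1].lower()

def audit(forward, reverse, zone="xxxxxx.org.", rev_zone="0.0.10.in-addr.arpa."):
    fwd = list(records(forward, zone))
    a = {o: r for o, t, r in fwd if t == "A"}
    ptr = {o: r for o, t, r in records(reverse, rev_zone) if t == "PTR"}
    problems = []
    for name, ip in a.items():
        rev_owner = ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
        if ptr.get(rev_owner) != name:
            problems.append(f"{name} -> {ip} has no matching PTR")
    for owner, target in ptr.items():
        if target not in a:
            problems.append(f"{owner} -> {target} has no A record")
    # An authoritative zone answers NXDOMAIN for names it lacks; nothing is forwarded.
    for _, rtype, target in fwd:
        if rtype in ("NS", "MX") and target.endswith("." + zone) and target not in a:
            problems.append(f"{rtype} target {target} has no A record in the local zone")
    return problems

if __name__ == "__main__":
    print("\n".join(audit(FORWARD, REVERSE)) or "zones consistent")
```

On the records as posted, the A/PTR pairs agree and the two findings are the NS and MX targets, which internal clients could not resolve unless the full zone file carries A records for them.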


      


