ipcop and network settings

dbclinton dbclin at gmail.com
Wed Mar 10 05:38:02 GMT 2010 

In case this is useful to anyone, I've worked out my configuration and
Ipcop is getting along just fine alongside my thin client network. I
simply removed any mention of eth0 (the Ipcop NIC) from
/etc/network/interfaces, allowing Ipcop to control it, and then ran
interfaces (maintaining the original 192.168.0.254 address of eth1) to
take care of the ltsp configuration.
Now that I'm configuring the firewall itself, however, I wonder why
there isn't an easier way to really block users from dancing right
around the proxy walls. Wouldn't this be a rather serious concern of
anyone deploying to large educational environments? Unless you do some
pretty unconventional configuring, all it would take for a kid to break
out to a wide-open Internet is to set Firefox to "no proxy"!
Has this bothered anyone? Isn't there a more straightforward fix than
adding custom rules to iptables?
David


On Tue, 2010-03-09 at 15:41 -0500, dbclinton wrote:
> Hi,
> I've put a PC running the Ipcop firewall between the Internet and my
> Edubuntu thin client server (Intrepid). The network card that connects
> Ipcop to my server (green) has these settings:
> =================
> eth0      Link encap:Ethernet  HWaddr 00:08:A1:1E:73:90  
>           inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:2062 errors:227 dropped:0 overruns:0 frame:0
>           TX packets:2215 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000 
>           RX bytes:369386 (360.7 KB)  TX bytes:1424440 (1.3 MB)
>           Interrupt:12 Base address:0xe800 
> =================
> To get my server to play nicely with Ipcop, I had to disable
> my /etc/network/interfaces file - which looked like this:
> =================
> auto eth1
> iface eth1 inet static
> 	address 192.168.0.254
> 	netmask 255.255.255.0
> 	network 192.168.0.0
> 	broadcast 192.168.0.255
> 	gateway 192.168.0.1
> 	# dns-* options are implemented by the resolvconf package, if installed
> 	dns-nameservers 192.168.0.1
> 	dns-search clinton
> 
> auto eth0
> iface eth0 inet static
>     address 192.168.0.254
>     netmask 255.255.255.0
>     network 192.168.0.0
>     broadcast 192.168.0.255 
> ===================
> 
> ...which got me talking nicely to Ipcop but which also, of course,
> brought my thin clients to a screaming halt.
> So I assume I have to reconfigure my server settings. My first question
> is: which ip settings can I safely use?
> Next, besides /etc/network/interfaces and /etc/ltsp/dhcpd.conf, are
> there any other files I'll have to know about?
> With thanks as always,
> David Clinton

More information about the edubuntu-users mailing list