I'll first start out by saying that I am just an avid user.
 Have never developed anything, other than written a few
shell programs for personal use here and there.  I don't
claim any serious knowledge, I just enjoy learning through
troubleshooting, and have never really been able to just sit
and read a reference manual.

I first started using the LTSP project in conjunction w/ the
K12-LTSP project that popped up awhile back.  Got it
working at home, but never really did anything with it.
 Just prior to that though, I had up and running a
floppy-based firewall/router called Dachstein (check
references below).  This is part of the LRP/LEAF project,
which is quite well maintained.  Getting this part of the
project, WAN LTSP, is another story, but I'll touch briefly
on it as well.  One last thing before I get too far, I could
not have done anything at all w/o the great support that is
inherent in all of the projects like this one.  Linux Rocks!

Getting the basics of the firewall/router is pretty
straightforward, so I'll move on to the gateway part of
the project.  If you are going to implement a terminal
server in a single location, security is a major concern.
 It is well documented that there is a significant amount
of risk to making an x-server just available to god and
everyone.  You can first start to eliminate some of the
threat using an IPSec (IP Security) gateway.  IPSec takes a
little effort to set up, but can be done using a single
disk, w/ the proper tweaking under a Dachstein based
install.  Me, I cheated and bought a Disk-On-Module (DOM),
which is a solid-state IDE hard drive, 16mb was about $65,
and I think it has come down again. Well worth it!  At
any rate, IPSec allows you to establish a secure link
between two given points.  There is quite extensive
documentation on this so I won't go into it too much,
except that this is an easy way to bridge two LANs
together.  And since the subnets behind the gateway are
using a private ip class (generally 192.168.x.x or
10.x.x.x), it makes it harder for people on the outside to
cause any problems.  At least in my situation, I set up
individual boxes to do my routing, one on each side of the
world (across town), each running their own dhcpd servers,
again this is all done through the floppy based firewall.
 Once this is done, work on getting IPSec working, this
shouldn't take too long, and I have done enough
troubleshooting on my own to help out anyone that needs a
little assistance.  Once this part is done, you can test it
by pinging machines on each of the subnets, like so.

from a client workstation,

clienta------server-----internet-----server----clientb
192.186.1.1-192.168.1.254------192.168.2.254-192.168.2.1

ping 192.168.2.1 ------------------------------pong!

If IPSec is working correctly, then you should get the ping
response.  YOU CANNOT CONTINUE WITHOUT THIS WORKING.

Once this is up and operational, the rest is pretty
straightforward.  Get LTSP up and running like you
normally would for LAN.  You will then need to modify
network.conf on each of the gateway machines to allow for
the tftp protocol through the firewall. I'm not 100% sure
on that last one, I think that the tftp requests should
work regardless, because it is being tunneled through the
IPSec gateway, I'll test some more of that tomorrow.  You
will also need to make the proper adjustments to the
dhcpd.conf, very similar to the way it is done in the LTSP
documentation, except that you will need to add a line

next-server               ip.ad.dr.es;

this is the ip address of the LTSP server.  If this is not
set correctly, the machines will not know where to download
the kernel from, it will always try to grab the kernel from
the same server as the DHCP server.  I also found that for
some reason, I was not able to grab the 'lpp' version of
the kernel, but when switching to the normal kernel, it
worked fine, I think there may be a character limit when
working with this, something else I will need to verify.
 Generally speaking it works just like it would if it were
on a local lan.  Once IPSec is in place, and the subnets
are 'merged' in the sense of being available to one
another, the rest is pretty transparent.

In a real world design, speed is a serious concern.  Remember
that most LANs are operating at 100mbit, and even slower
ones are operating at at least 10mbit.  In comparison, xDSL
is usually 1.5mbit/128kbit (down/up); Cable up to
10mbit/128kbit; T1 1.5mbit (up/down).  In my test, I ran
the x-server from my house to my office, both operating on
a cable line.  I monitored the traffic and saw a spike at
50KB sent (roughly 3 times the normal speed to send data),
which I'm still trying to figure out.  You will definitely
notice a performance problem in a similar scenario, I can't
speak for a T1-T1 type situation, although I hope to be
able to test something similar in the coming days.

That's about it, I'm not much of a typist, although I've
written quite a little story above, I'm not sure how
useful it will prove to be.  If it helps great, otherwise
email me w/ specific questions and I'll try to help out.

As for the office migration part of the whole thing, we are
a pretty simple shop.  Documents, spreadsheets, are pretty
common around our office, and we run only one specially
designed app, I had planned to run a Win2k/Citrix terminal
server to solve a couple of our MS based software
requirements (Linux needs a good accounting/pos/retail
program). I will keep you posted as the integration
actually happens.  One thing I have not worked on yet
though, is local serial/usb support for cameras and palm
pilots, things of that nature.  I welcome any assistance on
that project still to come...

Hope something I wrote here helps someone, if not, sorry
for babbling.


Joey Officer
Martin Apparatus, Inc.
Houston, TX

Linux
-Advocate in Action!

ref.

Dachstein       http://lrp.steinkuehler.net/
LEAF Project    http://leaf.sourceforge.net/
K12-LTSP        http://www.k12ltsp.org/
IPSec           http://www.freeswan.org/

_____________________________________________________________________
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
      https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.openprojects.net
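
The next-server requirement described in the post, as an added example that is not part of the original message: a shell check that a remote-site dhcpd.conf points clients at the LTSP server rather than leaving TFTP to default to the DHCP box. The addresses follow the post's diagram; which host is the LTSP server (192.168.1.254 here), the kernel path and the function names are assumptions made for the sketch.

```shell
#!/bin/sh
# Added example: sanity-check next-server in a remote-site dhcpd.conf.
# All addresses and the kernel filename are constructed sample values.

# Constructed dhcpd.conf for the remote gateway (192.168.2.254 in the
# diagram); the LTSP server is assumed to be 192.168.1.254, reached
# through the IPSec tunnel.
sample_conf() {
cat <<'EOF'
subnet 192.168.2.0 netmask 255.255.255.0 {
    range 192.168.2.1 192.168.2.100;
    option routers 192.168.2.254;
    next-server 192.168.1.254;      # LTSP/TFTP server across the tunnel
    filename "/lts/vmlinuz-ltsp";   # hypothetical kernel path
}
EOF
}

# get_next_server: print the first next-server value found on stdin,
# ignoring comments and the trailing semicolon.
get_next_server() {
    sed -e 's/#.*//' |
        awk '$1 == "next-server" { sub(/;$/, "", $2); print $2; exit }'
}

# check_next_server DHCP_IP: read a dhcpd.conf on stdin and return
#   0  next-server is a dotted quad other than DHCP_IP
#   1  next-server is missing (clients will ask the DHCP server for the kernel)
#   2  next-server is not a dotted quad (e.g. a placeholder left in place)
#   3  next-server equals DHCP_IP (wrong when the DHCP box is only a router)
check_next_server() {
    ns=$(get_next_server)
    [ -n "$ns" ] || return 1
    echo "$ns" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 2
    [ "$ns" != "$1" ] || return 3
    return 0
}
```

Run it on the gateway as "check_next_server 192.168.2.254 < /etc/dhcpd.conf" (adjust the path to wherever your dhcpd.conf lives) and look at the exit status.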