Ken Cobler wrote:
> Varun wrote:
> > Hello,
> > I want to put my ltsp4 server and squid proxy server
> > on the same machine.
> > I want internet access only for non ltsp clients.
> > I want no ltsp clients to have internet access.
>
> 2) Route all internet requests through the squid proxy server. Put the
> LTSP workstations in a specific IP address range. Reject requests
> inside squid for the specific IP address range of the LTSP workstations.
>
> 3) Disable default gateway for the LTSP workstations. No gateway, no
> access to the Internet.

2) and 3) will not work because it's the server which runs the browser
processes for the LTSP clients, so you need to disable access from the
server to any destination port 80.

On the other hand squid itself needs just this connection. You should have
a packet filter (iptables) allowing squid as the only user to connect to
the internet. You can redirect all other connections from port 80 to
squid's input port 3128. Doing this you get a transparent proxy and do not
need to configure any browser.

Try the following firewall rules (I use them on a SuSE 9.0):

# transparent proxy for localhost:
# allow user squid and root to access the internet via destination port 80 (www):
iptables -t nat -A OUTPUT -o ppp0 -p tcp --dport www -m owner --uid-owner squid -j ACCEPT
iptables -t nat -A OUTPUT -o ppp0 -p tcp --dport www -m owner --uid-owner root -j ACCEPT
# force all other requests for destination port 80 (www) to port 3128
iptables -t nat -A OUTPUT -o ppp0 -p tcp --dport www -j REDIRECT --to-ports 3128

Within squid you can handle specific needs for user access via access
control lists. Or you can configure iptables to accept connections from any
other clients to the internet.

cu

_____________________________________________________________________
Ltsp-discuss mailing list.
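Added example, not part of the original post: a first-match walk over the nat OUTPUT rules from the message above, showing which local connections go out directly, which are redirected to squid, and which the rules do not cover. The listing is a constructed sample in `iptables -t nat -S OUTPUT` format; UID 31 for squid, UID 1000 for an LTSP user, and the function names are assumptions.

```python
import shlex

# Constructed sample in the format printed by `iptables -t nat -S OUTPUT`.
# UID 31 stands in for the squid account (assumption); UID 0 is root.
SAMPLE_RULES = """\
-P OUTPUT ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --dport 80 -m owner --uid-owner 31 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --dport 80 -m owner --uid-owner 0 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
"""

def parse_rules(text):
    """Return (policy, rules). Only plain 'option value' pairs are modelled
    (no '!' negation, no port ranges), which is all these rules use."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[0] == "-P":
            policy = tok[2]
        elif tok[0] == "-A":
            rules.append(dict(zip(tok[2::2], tok[3::2])))
    return policy, rules

def verdict(policy, rules, uid, dport, out_if="ppp0", proto="tcp"):
    """Walk the chain top to bottom; the first matching rule decides."""
    pkt = {"-o": out_if, "-p": proto,
           "--dport": str(dport), "--uid-owner": str(uid)}
    for rule in rules:
        # A criterion the rule does not mention matches every packet.
        if all(rule.get(k, v) == v for k, v in pkt.items()):
            if rule["-j"] == "REDIRECT":
                return "REDIRECT:" + rule["--to-ports"]
            return rule["-j"]
    return "POLICY:" + policy  # no NAT rule applied

if __name__ == "__main__":
    policy, rules = parse_rules(SAMPLE_RULES)
    for who, uid, port in [("squid", 31, 80), ("ltsp user", 1000, 80),
                           ("ltsp user", 1000, 443)]:
        print(f"{who:10} dport {port:<4} -> {verdict(policy, rules, uid, port)}")
    # Same rules with the REDIRECT first: squid's own requests loop back.
    print("reordered, squid ->", verdict(policy, rules[::-1], 31, 80))
```

The port 443 result is the point to check on a real server: these rules only touch destination port 80, so anything else leaves directly unless a filter-table rule blocks it.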