On Fri, 30 Apr 2004, Ken Cobler wrote:In all my server configurations that I support (LTSP and otherwise), I never let the production server go directly to the Internet. I have a gateway machine (486 or old PC that no one is using) that simply runs iptables, and often squid. Simple reason is that if I missed something in setting up a gateway machine, and a hacker can still get in or send malicous code that somehow breaches security, they'll be limited to the gateway. The production server can still keep running.
[EMAIL PROTECTED] wrote:
I'm thinking that Varun needs his users to have browser access to pages on the local server, but he doesn't want them browsing the internetAs I mentioned before, you can achieve this completely with squid.
So far, nobody has addressed that problem.
Jim McQuillan
Yes you can, but any monkey with half a brain will re-configure their browser to NOT use a proxy server.
BUT, there was a post from Kai earlier this morning addressing this issue by using iptables with a user-id as part of the rule. I'd forgotten that you could do that. Seems like a clever solution.
Jim.
If the gateway and the production machine were the same machine (and that nasty hacker breaches security), I would have a lot of angry users as I try to rebuild the production machine.
So, it was my error in assuming someone would never want to run LTSP production server and a gateway server on the same machine.
Correct, you can run squid and LTSP on the same machine, and have it configured through iptables to force all HTTP requests to squid.
Ken
-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net
