Um, can't you just install a third network card to solve this? There were some great solutions in this thread, most of which would work very well if you had 3 NICs instead of two.
NIC #1 (eth0) could be used for your Internet connection,
NIC #2 (eth1) could be used for the LTSP Terminals,
NIC #3 (eth2) could be used for the normal systems.
That would allow you to configure their respective access to the Internet via subnets, allowing you to use IPTables and Squid for all connected systems.
HTH
Lanman
I should have clarified the idea.
1) Accept all connections from eth1 (network segment which you could name as "LTSP" in Shorewall) to "FW" (virtual segment created by Shorewall itself),
2) Accept all connections from eth2 (network segment which you could call "MyLan" in Shorewall) to "FW" (virtual segment also created by Shorewall),
3) Accept all connections from eth2 to iNet (network segment which Shorewall sees as the Internet),
4) Drop all connections from eth1 (segment called LTSP) to eth0 (iNet segment).
An even simpler way would be to NOT enable NAT for the LTSP zone, but enable it for MyLan. This would make it easy to run your Internal Web-Site, and leave it at that.
If you only want the LTSP users to be able to view one web-page, then you should also be able to make the "pref.js" file and the "Cache" folders in their profile read only, but if you ever changed the page, this would complicate things.
HTH
Lanman
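The four policies and the "NAT for MyLan only" suggestion above, written out as a plain iptables-restore ruleset. This is an added example, not part of the original messages and not Shorewall's own output; the MyLan subnet, the default-drop chain policies, and the function name gen_rules are assumptions.

```shell
#!/bin/sh
# Added example. Interface roles follow the thread; everything else is assumed.
INET_IF=eth0             # Internet
LTSP_IF=eth1             # LTSP terminals
LAN_IF=eth2              # normal systems ("MyLan")
LAN_NET=192.168.1.0/24   # assumption: MyLan addressing

# Print an iptables-restore ruleset for policies 1-4 plus NAT for MyLan only.
gen_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# 1) LTSP -> firewall/server: terminals boot and run their sessions here
-A INPUT -i $LTSP_IF -j ACCEPT
# 2) MyLan -> firewall/server
-A INPUT -i $LAN_IF -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# 3) MyLan -> Internet
-A FORWARD -i $LAN_IF -o $INET_IF -j ACCEPT
# 4) LTSP -> Internet: dropped explicitly (the FORWARD policy would drop it too)
-A FORWARD -i $LTSP_IF -o $INET_IF -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# NAT only for MyLan; LTSP traffic is never masqueraded
-A POSTROUTING -s $LAN_NET -o $INET_IF -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset when the script is run.
gen_rules
```

As root, `gen_rules | iptables-restore --test` parses the ruleset without committing it; drop `--test` to load it.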
Hi Lanman
I just could not make it work. I have eth0 for Net and eth1 for ltsp. I am forgetting LAN for now because that is really not a problem. I ran shorewall and selected none of the options to be connected to the internet and set eth0 as the connecting interface. I have installed Firestarter and used it to set NAT. If I disable NAT for eth1 the clients just don't boot. It seems to block everything. If I allow NAT for eth1 and disable all services, disable TOS and ICM (I am not sure), then everything goes thru'. I suspect this Firestarter is not doing a complete job, as if I deny www access to eth1 then ltsp clients should not be able to browse. Now if this Firestarter does not fully work, how do I drop and accept connections between eth0 and eth1? Did you use webmin?
Thanks again for the help
Varun