Hi Anselm,
the situation is worse than that :-(
Anselm Martin Hoffmeister wrote:
On Wednesday, 17 November 2004 08:32, Eilert wrote:
There's only one drawback: all students must be logged in when applying the barrier as for some unknown reason, no one (of those blocked) will be able to log in with the block set (KDE login fails). But this doesn't bother us here, otherwise it seems to run well up to now.
Rolf
Looks as if you block XDMCP (aka login manager) traffic with your rules. Try to allow traffic for that port, maybe that just solves the problem. Should be UDP port 177.
It now appeared that even some programs don't start or crash when already up.
My rule is
iptables -A OUTPUT -d ! 192.168.10.0/24 -m owner --uid-owner <owner-id> -j DROP
That is, just "drop everything that goes beyond our internal network". My guess would be that a reference to localhost is missing - after all, this is LTSP, and (almost) everything is about that single machine.
Unfortunately, I don't see a chance to define kinda "OR" rule:
IF (localhost) OR (192.168.10.0/24) THEN let it pass
or
IF NOT (localhost) OR (192.168.10.0/24) THEN drop
Rolf
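
Added example, not part of the original message: iptables evaluates rules in order, so the "localhost OR 192.168.10.0/24" condition asked about above can be written as a user-defined chain in which each allowed destination is a RETURN rule and the final rule is the DROP. The chain name `restrict_out`, the `run` dry-run helper and the numeric-uid check are assumptions of this sketch; the LAN range is the one from the mail.

```shell
#!/bin/sh
# Sketch: limit one user's outbound traffic to loopback and the LAN.
# Default is a dry run that prints the commands; set APPLY=1 (as root)
# to execute them. Delete the earlier single DROP rule from OUTPUT first,
# otherwise it still matches before this chain is reached.

LAN="192.168.10.0/24"     # internal network from the mail
CHAIN="restrict_out"      # hypothetical chain name

# Execute the command when APPLY=1, otherwise print it.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Build the chain for one numeric uid.
restrict_user() {
    uid="$1"
    # Accept digits only, so a malformed argument never reaches iptables.
    case "$uid" in
        ''|*[!0-9]*) echo "uid must be numeric" >&2; return 1 ;;
    esac
    run iptables -N "$CHAIN"
    # Allowed destinations: RETURN hands the packet back to OUTPUT,
    # where the remaining rules and the chain policy decide.
    run iptables -A "$CHAIN" -o lo -j RETURN
    run iptables -A "$CHAIN" -d "$LAN" -j RETURN
    # Anything that matched neither rule above is dropped.
    run iptables -A "$CHAIN" -j DROP
    # Only this user's locally generated packets enter the chain.
    run iptables -A OUTPUT -m owner --uid-owner "$uid" -j "$CHAIN"
}

if [ $# -gt 0 ]; then
    restrict_user "$1"
fi
```

Run it with a uid as the only argument and review the printed commands before repeating the call with APPLY=1.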