On Thu, Feb 02, 2006 at 02:41:12PM -0500, Joe Auerbach wrote:
> I am as such.
>
> net <--- firewall <--- ltsp server (which has the mac address to ip
> table) <-- clients.
Ah, I see the problem; All your bits a running in the wrong direction:
Try this configuration instead:
net --->firewall---> ltsp server --> clients.
:-)
> Does that make sense? More or less I'm running perfectly normal ltsp
> straignht out of the book on a static ip system where thed ip addresses
> are assigned on the individual machines (or on hte ltsp server, in the
> case of ltsp).
Yes, seems fine.
Do you still have a question?
>
>
> Jeff Kinz wrote:
>
> >On Thu, Feb 02, 2006 at 09:17:20AM -0500, Joe Auerbach wrote:
> >
> >
> >>Here's a question. Since all the machines are actually running locally
> >>on hte ltsp box, do they keep their ip's as far as the firewall is
> >>converned? That is, will it see ip.box.1 as different from ip.box.2, or
> >>will they all be ip.box.server?
> >>
> >>
> >>
> >
> >It depends on where the firewall is and how routing the clients boxes
> >requests is being and (finally) how you are managing your IP address
> >space.
> >
> >In most cases (I think) the LTSP clients get IP addresses which are not
> >ever going to be publicly (Internet) visible so all of their IP
> >traffic gets "NAT'ed" to/from the public IP address which is gateway-ed
> >to the internet. If your firewall is doing the "NATting" then yes, the
> >firewall sees the internal IP's. That is the case for many networks
> >that I have done but its not the only way to do it.
> >
> >Many networks separate the NAT and firewall functions to different *boxen
> >for both performance and security reasons. On those networks, the
> >firewall is usually "outside" (on the internet) and the NAT box is
> >usually "inside" (behind the firewall) so that firewall would never see
> >the internal (LTSP client) IP's.
> >
> >
> >*"boxen" derivative of "Vaxen" meaning "possibly more than one".
> >
> >
> >
> >
>
>
> --
>
> joe auerbach
> systems administrator
> pcb / rossman and co
> 614-523-4150
> [EMAIL PROTECTED]
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
> for problems? Stop! Download the new AJAX search engine that makes
> searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
> _____________________________________________________________________
> Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
> https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
> For additional LTSP help, try #ltsp channel on irc.freenode.net
>
--
Jeff Kinz, Emergent Research, Hudson, MA.
speech recognition software may have been used to create this e-mail
"The greatest dangers to liberty lurk in insidious encroachment by men
of zeal, well-meaning but without understanding." - Brandeis
To think contrary to one's era is heroism. But to speak against it is
madness. -- Eugene Ionesco
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net
