Personally I would leave the question of the LTSP specifics out of it, and ask yourself: how would I personally set up a network with a file server, a set of clients, and a firewall? There are about 1.2 gazillion ways, but I personally like to have my firewall set up on one piece of dedicated hardware, and that's it. Keeps things much simpler. Whether that is a D-Link DI-604, a FreeBSD, OpenBSD, Linux w/ shorewall / smoothwall / ipcop / straight up IP Tables, it doesn't matter too much for the average user. Whatever is comfortable. Then I would put all the servers and clients on one LAN segment behind it.

   [ WAN ]  == [ Firewall ] == [ Servers | Clients ]

If you use a simple router box such as the D-Link, make sure you turn off the DHCP server on it and put that functionality in something you can really configure, either as part of LTSP, or a separate box running ISC's DHCP server, etc. If you want to beef up security I recommend you find some ol' box, slap 2 NICs in it, and put your favorite Linux or BSD distro on it and get a good handle on the firewall configuration available to you. In my experience trying to make one machine be a one-machine-does-all can possibly work, but I end up scratching my head over configuration way too often to justify the reduced cost; besides, I've got old machines coming out of my ears.

my $0.02

Colin

b smyt wrote:

I have an ltsp network setup in my home, consisting of
two workstations and a server. I want to be sure I
have the firewall setup in the best possible way for
ltsp.

The following are three arrangements of my hardware I
have considered using. I wonder what others' opinions
are as to which one would be the most secure.

1. adsl modem > WAN port of D-link DI-604 ethernet
router > eth0 of ltsp server connected to a LAN port
of router. The two workstations connected to LAN ports
on the router. The firewall is in the router. This
setup uses one nic on the server.

2. adsl modem > eth0 of ltsp server > eth1 of ltsp
server > LAN port of D-link DI-604 ethernet router.
The two workstations connected to LAN ports on the
router. The firewall is in the ltsp server. This setup
uses two nics on the server.

3. adsl modem > WAN port of D-link router > eth0 of
ltsp server connected to a LAN port of the router. The
two workstations are connected to eth1 of the ltsp
server. The firewall is in the router. This setup uses
two nics on the server.

In arrangement 1 and 3 the firewall is the one built
into the DI-604. In arrangement 2, I used Shorewall to
set up a firewall within the ltsp server.
Somehow I have gotten the impression that arrangement
2 is the least secure because the firewall and ltsp
are in the same box. Arrangement 1 is also not secure
because the ltsp data is passing through the router
containing the firewall. Arrangement 3 would be the
most secure I am guessing, since the firewall is in a
separate piece of hardware before the ltsp server.

Thanks.






_____________________________________________________________________
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
     https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net

--
Colin Osterhout
SERRC Technology Specialist
[EMAIL PROTECTED]



