Am Freitag, den 02.11.2007, 07:41 -0700 schrieb Mel Wade: > Interesting concept. The trick would be to tie the session to the specific > IP address.
And here the problem begins. If you want an application to use a specific IP on "outgoing" packets, usually that app should use the bind() call on the network connection to assign itself an IP and port number. If the app does not (most probably, firefox), this will just not happen. You could try with LD_PRELOAD, and other hacks, of course. I just had another idea, which I cannot verify right now because I do not have full NAT enabled on this machine. If you define an additional loopback interface like this [EMAIL PROTECTED]:~# ifconfig lo:1 172.29.0.0 netmask 255.255.0.0 up you gain 65534 local IP addresses. Assume you have only one LTSP server, one proxy and no more machines that are important, like this: [internet] -- [proxy] -- [ltsp-server] -- [terminals] You could setup your proxy with an additional route: [EMAIL PROTECTED]:~# route add -net 172.29.0.0/16 gw 10.0.200.1 (where 10.0.200.1 is the outward interface IP of the ltsp server) So your proxy should also be able to ping the IP addresses in the 172.29/16 range. This saves you from having countless virtual interfaces and, in one go, gives you lots of IP addresses, so that you could have a mapping userid(numeric)-> ip-address. Let us assume that all user ids 500 and above (up to a fixed number), and all are members in the "users" group (gid 100). Then use the following iptables commands for the OUTPUT chain: iptables -N rewriteip iptables -A OUTPUT --gid-owner 100 -j rewriteip iptables -A rewriteip --uid-owner 500 -j SAME --to 172.29.1.244 iptables -A rewriteip --uid-owner 501 -j SAME --to 172.29.1.245 iptables -A rewriteip --uid-owner 502 -j SAME --to 172.29.1.246 ... ( I calculated the IP such that 172.29.x.y => uid (256*x + y) ) I cannot test this at the moment. Perhaps someone can tell wether that sounds reasonable... Best regards Anselm ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net