On Friday, 02.11.2007, at 07:41 -0700, Mel Wade wrote:

> Interesting concept.  The trick would be to tie the session to the specific
> IP address.

And here the problem begins. If you want an application to use a
specific IP on "outgoing" packets, usually that app should use the
bind() call on the network connection to assign itself an IP and port
number. If the app does not (most probably, firefox), this will just not
happen. You could try with LD_PRELOAD, and other hacks, of course.

I just had another idea, which I cannot verify right now because I do
not have full NAT enabled on this machine.

If you define an additional loopback interface like this

[EMAIL PROTECTED]:~# ifconfig lo:1 172.29.0.0 netmask 255.255.0.0 up

you gain 65534 local IP addresses. Assume you have only one LTSP server,
one proxy and no more machines that are important, like this:

[internet] -- [proxy] -- [ltsp-server] -- [terminals]

You could set up your proxy with an additional route:

[EMAIL PROTECTED]:~# route add -net 172.29.0.0/16 gw 10.0.200.1
(where 10.0.200.1 is the outward interface IP of the ltsp server)

So your proxy should also be able to ping the IP addresses in the
172.29/16 range. This saves you from having countless virtual interfaces
and, in one go, gives you lots of IP addresses, so that you could have a
mapping userid(numeric)-> ip-address.

Let us assume that all user ids are 500 and above (up to a fixed number),
and all are members of the "users" group (gid 100).
Then use the following iptables commands for the OUTPUT chain:

iptables -N rewriteip
iptables -A OUTPUT --gid-owner 100 -j rewriteip
iptables -A rewriteip --uid-owner 500 -j SAME --to 172.29.1.244
iptables -A rewriteip --uid-owner 501 -j SAME --to 172.29.1.245
iptables -A rewriteip --uid-owner 502 -j SAME --to 172.29.1.246
... ( I calculated the IP such that 172.29.x.y => uid (256*x + y) )

I cannot test this at the moment. Perhaps someone can tell whether that
sounds reasonable...

Best regards
Anselm
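
The uid-to-address mapping and rule list from the message above, generated by a small script; this is an added example, not part of Anselm's post. It prints the rules instead of applying them, and the rule form it emits (nat table, POSTROUTING chain, `-m owner`, SNAT) is an assumption that differs from the untested OUTPUT/SAME lines in the post.

```shell
#!/bin/sh
# Added example: per-uid source-NAT rules from the mapping in the post,
# 172.29.x.y <=> uid 256*x + y. Rules are printed, never applied.
NET_PREFIX="172.29"   # the /16 assigned to lo:1 in the post

# True if $1 is a decimal integer without sign or leading zeros.
is_num() {
    case $1 in ''|*[!0-9]*|0?*) return 1 ;; esac
}

# uid -> address. uid 0 and 65535 would be the network and broadcast
# addresses of the /16, so both are refused.
uid_to_ip() {
    is_num "$1" && [ "$1" -ge 1 ] && [ "$1" -le 65534 ] || return 1
    echo "$NET_PREFIX.$(($1 / 256)).$(($1 % 256))"
}

# address -> uid, e.g. to attribute a proxy log line to a user.
ip_to_uid() {
    case $1 in "$NET_PREFIX".*.*) ;; *) return 1 ;; esac
    rest=${1#"$NET_PREFIX".}
    x=${rest%%.*}
    y=${rest#*.}
    is_num "$x" && is_num "$y" || return 1
    [ "$x" -le 255 ] && [ "$y" -le 255 ] || return 1
    n=$((x * 256 + y))
    [ "$n" -ge 1 ] && [ "$n" -le 65534 ] || return 1
    echo "$n"
}

# Print rules for uids $1..$2 in group $3. Assumed rule form (not the
# post's): nat table, POSTROUTING, owner match, SNAT --to-source.
emit_rules() {
    uid_to_ip "$1" >/dev/null && uid_to_ip "$2" >/dev/null || return 1
    is_num "$3" || return 1
    echo "iptables -t nat -N rewriteip"
    echo "iptables -t nat -A POSTROUTING -m owner --gid-owner $3 -j rewriteip"
    u=$1
    while [ "$u" -le "$2" ]; do
        echo "iptables -t nat -A rewriteip -m owner --uid-owner $u" \
             "-j SNAT --to-source $(uid_to_ip "$u")"
        u=$((u + 1))
    done
}

emit_rules 500 502 100
```

`ip_to_uid` is the reverse lookup for the proxy side: given a source address seen in a proxy log, it returns the numeric uid that the mapping assigns to it.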


_____________________________________________________________________
Ltsp-discuss mailing list.   To un-subscribe, or change prefs, goto:
      https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help,   try #ltsp channel on irc.freenode.net
