ThinClientHowtoNAT

Differences between revisions 2 and 3
Revision 2 as of 2005-10-16 23:17:52
Size: 2383
Editor: p5089DE73
Comment: fixed some sudo oddness
Revision 3 as of 2005-10-16 23:25:08
Size: 2391
Editor: p5089DE73
Comment: more sudo weirdness
Deletions are marked like this. Additions are marked like this.
Line 39: Line 39:
sudo iptables-save > /etc/ltsp/nat.conf sudo sh -c 'iptables-save > /etc/ltsp/nat.conf'

Thin Client How-To NAT

This How To is a collection of information on how to allow thin clients to connect to the internet trough the server. The latter will act as NAT/gateway.

Requirements

You will need:

  • A Thin Client Server fully configured, with at least 2 network interfaces, one connected (or that can go) to the internet and one dedicated to the Thin Client Network. The following steps assumes that the Thin Client Server is installed also as gateway. It is possible however to use the same steps on the network gateway to allow the Server and the Clients to connect to internet.

Getting Started

  • Verify that both the interfaces are configured in /etc/network/interfaces
  • Check with ifconfig that both the interfaces are up.
  • Verify that the server can go to the internet.

NOTE: the steps above are important! be sure to verify that everything is as it should be. It will save a lot of headackes later on. If you are not sure about the network settings, please consult your local network administrator.

  • Edit /etc/network/options and enable ip_forward. The result would look like: 

    ip_forward=yes
spoofprotect=yes
syncookies=no

    and execute: 

    sudo sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
    to enable the kernel ip forwarding functionality immediatly.

  • Enable masquerading. By default the ltsp network uses 192.168.0.0/24. Remember to change the example to fit your network setup. Use a command like: 

    sudo iptables --table nat --append POSTROUTING --jump MASQUERADE  --source 192.168.0.0/24
    to enable NAT.
  • Login on a Thin Client and enjoy internet connectivity. If this step does not work, you might want to revert the above command replacing --append with --delete.

  • To make the iptables NAT rules permanent execute the following commands: 

    sudo sh -c 'iptables-save > /etc/ltsp/nat.conf'

    • Edit /etc/network/interfaces and add to the internal interface stanza the following entry: 

      up iptables-restore < /etc/ltsp/nat.conf

      so that the overall will look like: 

      auto eth1
iface eth1 inet static
        address 192.168.0.1
        netmask 255.255.255.0
        broadcast 192.168.0.255
        network 192.168.0.0
        up iptables-restore < /etc/ltsp/nat.conf
      to ensure that the nat tables are configured properly at each boot.

ThinClientHowtoNAT (last edited 2009-07-23 23:21:16 by fupi)