Thin Client How-To NAT
This HowTo is a collection of information on how to allow thin clients to connect to the internet through the server. The latter will act as NAT/gateway.
This is generally only necessary if you have the LTSP server running with two interfaces, one facing the main network and internet, the other facing the thin clients. For machines on the thin client network to get internet access (e.g. a thin client booted into Windows, or a local app on a thin client), they must pass their requests through the LTSP server.
Requirements
You will need:
- A fully configured Thin Client Server with at least 2 network interfaces, one connected (or that can connect) to the internet and one dedicated to the Thin Client Network. The following steps assume that the Thin Client Server is also installed as the gateway. It is possible, however, to use the same steps on the network gateway to allow the Server and the Clients to connect to the internet.
So how do you do it?
The ideas
The conceptual steps are:
- Ensure the LTSP server has internet access and the clients boot on the LTSP network.
- Ensure the PC on the LTSP network has the LTSP server as default gateway.
- Ensure the LTSP server will route requests out to its main network.
- Ensure response traffic will get successfully routed back to the client by NATing (aka ip masquerading) the outgoing traffic.
- Ensure the PC on the LTSP network can successfully make DNS requests.
Practical Instructions
Each of these steps matches the ideas above. Please carry out the tests as you go, so you know you're on the right track:
- Boot a standard thin client on the ltsp network and make sure it can get web access. If this doesn't work, you need to go back to the ltsp setup first.
- Edit the dhcp settings on the ltsp server (in /etc/ltsp/dhcpd.conf), setting the routers option to the ip address of the ltsp server on the ltsp network, e.g.
    option routers 192.168.0.254;
  and restart the dhcp server
    sudo /etc/init.d/dhcp3-server restart
  Test: Reboot the PC to ensure it sees this, and examine the default route (on Linux, type route -n).
- On the LTSP server, edit /etc/sysctl.conf and either add this line or uncomment it if it's already there:
    net.ipv4.ip_forward=1
  then, to make the setting take effect immediately, run
    sudo sysctl -w net.ipv4.ip_forward=1
- Enable masquerading. By default the ltsp network uses 192.168.0.0/24; remember to change the example to fit your network setup. Use a command like:
    sudo iptables --table nat --append POSTROUTING --jump MASQUERADE --source 192.168.0.0/24
  to enable NAT. To make this permanent, run
    sudo sh -c 'iptables-save > /etc/ltsp/nat'
  and add an extra line to the bottom of the eth1 stanza of /etc/network/interfaces so it looks like
    auto eth1
    iface eth1 inet static
        address 192.168.0.254
        netmask 255.255.255.0
        broadcast 192.168.0.255
        network 192.168.0.0
        up iptables-restore < /etc/ltsp/nat
  This restores the saved NAT rules the next time the LTSP network interface comes up.
  Test: ping the dns server on the main network.
- Edit the dhcp settings on the ltsp server, as above, setting the dns option to the ip address of the main network dhcp server, e.g.
    option domain-name-servers 10.0.0.1;
  and again restart the dhcp server.
  Test: Reboot the PC to ensure it sees this, and check that it has the correct dns server. Try pinging a real world server by name, e.g.
    ping www.ubuntu.com
At this point, unless there are some issues upstream (e.g. firewall rules on the main router), you should be able to get internet access on the PC on the ltsp network.
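An added check, not part of the original HowTo: the masquerading rule above matches on source address only, and with ip_forward enabled the server forwards in both directions whenever the FORWARD chain's policy is ACCEPT. The function below reads iptables-save output and flags both points. The names audit_nat, sample_howto and sample_tight, the constructed sample dumps, and eth0 as the main-network interface are assumptions of this example.

```shell
# Added example, not from the original HowTo: audit an iptables-save dump.
# On the LTSP server: sudo iptables-save | audit_nat 192.168.0.0/24
audit_nat() {   # $1 = LTSP subnet (CIDR); ruleset is read from stdin
    awk -v net="$1" '
        /^[*]/ { table = substr($1, 2) }      # table header: "*nat", "*filter"
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "filter" && /^-A FORWARD / && /-j (DROP|REJECT)/ { blocks++ }
        table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
            src = 0; out = 0
            for (i = 1; i < NF; i++) {
                if ($i == "-s" && $(i + 1) == net) src = 1
                if ($i == "-o") out = 1
            }
            if (src) { found = 1; if (out) bound = 1 }
        }
        END {
            if (!found) { print "MISSING: no MASQUERADE rule for " net; n++ }
            else if (!bound) { print "WEAK: MASQUERADE for " net " has no -o <interface>"; n++ }
            if (policy == "ACCEPT" && !blocks) { print "WEAK: FORWARD is ACCEPT with no DROP/REJECT rule"; n++ }
            exit (n > 0)
        }'
}

# Constructed sample: abbreviated dump after running the command in this HowTo.
sample_howto() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}

# Constructed sample: same NAT, tightened (eth0 = assumed main-network interface).
sample_tight() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.0.0/24 -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
```

The function exits non-zero when it prints a finding, so it can gate the iptables-save step before the rules are written to /etc/ltsp/nat.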