ThinClientHowtoNAT
2539
Comment: enable ip forwarding using sysctl
|
3270
redraft to make things more clear
|
Line 3: | Line 3: |
This How To is a collection of information on how to allow thin clients to connect to the internet trough the server. The latter will act |
This HowTo is a collection of information on how to allow thin clients to connect to the internet through the server. The latter will act |
Line 6: | Line 6: |
This is generally only necessary if you have the LTSP server running with two interfaces, one facing the main network and internet, the other facing the thin clients. For machines on the thin clients to get internet access (eg a thin client booted into windows, a local app on a thin client), they must pass their requests through the LTSP server. |
|
Line 11: | Line 13: |
* A Thin Client Server fully configured, with at least 2 network interfaces, one connected (or that can go) to the internet and one dedicated to the Thin Client Network. The following steps assumes that the Thin Client Server is installed also as gateway. It is possible however to use the same steps on the network gateway to allow the Server and the Clients to connect to internet. | * A Thin Client Server fully configured, with at least 2 network interfaces, one connected (or that can go) to the internet and one dedicated to the Thin Client Network. The following steps assumes that the Thin Client Server is installed also as gateway. It is possible however to use the same steps on the network gateway to allow the Server and the Clients to connected to internet. |
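Review bot: the right-hand side turns "to connect to internet" into "to connected to internet" in the last sentence of the requirements bullet, which is a grammar regression; keep "to connect". The same bullet still reads "The following steps assumes" on both sides and could be corrected to "assume" in this redraft.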
Line 13: | Line 15: |
== Getting Started == | == So how do you do it? == |
Line 15: | Line 17: |
* Verify that both the interfaces are configured in /etc/network/interfaces | === The ideas === |
Line 17: | Line 19: |
* Check with ifconfig that both the interfaces are up. | The conceptual steps are: |
Line 19: | Line 21: |
* Verify that the server can go to the internet. | 1. Ensure the LTSP server has internet access and the clients boot on the LTSP network. 1. Ensure the PC on the LTSP network has the LTSP server as default gateway. 1. Ensure the LTSP server will route requests out to its main network. 1. Ensure response traffic will get successfully routed back to the client by NATing (aka ip masquerading) the outgoing traffic. 1. Ensure the PC on the LTSP network can successfully make DNS requests. |
Line 21: | Line 27: |
'''NOTE:''' the steps above are important! be sure to verify that everything is as it should be. It will save a lot of headaches later on. If you are not sure about the network settings, please consult your local network administrator. |
=== Practical Instructions === |
Line 24: | Line 29: |
* Edit /etc/network/options and enable ip_forward. The result would look like: {{{ ip_forward=yes spoofprotect=yes syncookies=no }}} |
Each of these steps matches the ideas above: |
Line 30: | Line 31: |
* edit /etc/sysctl.conf and either add this line or uncomment if it's already there:{{{ | 1. Boot a standard thin client on the ltsp network and make sure it can get web access. If this doesn't work, you need to go back to the ltsp setup first. 1. Edit the dhcp settings on the ltsp server (in /etc/ltsp/dhcpd.conf) setting the routers option to the ip address of the ltsp server on the ltsp network, eg {{{ option routers 192.168.0.1; }}} and restart the dhcp server {{{ sudo /etc/init.d/dhcp3-server restart }}} '''Test''': Reboot the PC, to ensure it sees this and examine the default route (on linux type {{{route -n}}}). 1. On the LTSP server edit /etc/sysctl.conf and either add this line or uncomment if it's already there:{{{ |
Line 32: | Line 39: |
}}} and execute: {{{ sudo sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward' }}} to enable the kernel ip forwarding functionality immediately. |
}}} then to make the setting immediately {{{ sudo sysctl -w net.ipv4.ip_forward=1 }}} 1. Enable masquerading. By default the ltsp network uses 192.168.0.0/24. Remember to change the example to fit your network setup. Use a command like: {{{ sudo iptables --table nat --append POSTROUTING --jump MASQUERADE --source 192.168.0.0/24 }}} to enable NAT. '''Test''': ping the dns server on the main network. 1. Edit the dhcp settings on the ltsp server, as above, setting the dns option to the ip address of the main network dhcp server, eg {{{ option domain-name-servers 10.0.0.1; }}} and again restart the dhcp server. '''Test''': Reboot the PC, to ensure it sees this and see that it has the correct dns server. Try pinging a real world server by name, eg {{{ ping www.ubuntu.com }}} |
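Review bot: in the sysctl step, "then to make the setting immediately" is missing its verb; suggest "then, to make the setting take effect immediately, run". In the masquerading step, the rule matches on --source only, so it rewrites traffic from 192.168.0.0/24 leaving by any interface; consider naming the outward-facing interface with --out-interface so the rule is scoped to the main network side.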
Line 36: | Line 51: |
At this point, unless there are some issues upstream (eg firewall rules on the main router), you should be able to get internet access on the PC on the ltsp network. | |
Line 37: | Line 53: |
* Enable masquerading. By default the ltsp network uses 192.168.0.0/24. Remember to change the example to fit your network setup. Use a command like: {{{ sudo iptables --table nat --append POSTROUTING --jump MASQUERADE --source 192.168.0.0/24 }}} to enable NAT. * Login on a Thin Client and enjoy internet connectivity. If this step does not work, you might want to revert the above command replacing --append with --delete. * To make the iptables NAT rules permanent execute the following commands: {{{ sudo sh -c 'iptables-save > /etc/ltsp/nat.conf' }}} * Edit /etc/network/interfaces and add to the internal interface stanza the following entry: {{{ up iptables-restore < /etc/ltsp/nat.conf }}} so that the overall will look like: {{{ auto eth1 iface eth1 inet static address 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255 network 192.168.0.0 up iptables-restore < /etc/ltsp/nat.conf }}} to ensure that the nat tables are configured properly at each boot. |
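Review bot: the persistence steps on the left (iptables-save into /etc/ltsp/nat.conf and the "up iptables-restore < /etc/ltsp/nat.conf" line in the eth1 stanza) are dropped with no replacement on the right, so the MASQUERADE rule added with --append is lost at the next reboot, while net.ipv4.ip_forward=1 in /etc/sysctl.conf persists. Suggest keeping them as a final step of the redraft, together with the hint that the rule can be undone by replacing --append with --delete.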
Thin Client How-To NAT
This HowTo is a collection of information on how to allow thin clients to connect to the internet through the server. The latter will act as NAT/gateway.
This is generally only necessary if you have the LTSP server running with two interfaces, one facing the main network and internet, the other facing the thin clients. For machines on the thin client network to get internet access (e.g. a thin client booted into Windows, or a local app on a thin client), they must pass their requests through the LTSP server.
Requirements
You will need:
- A Thin Client Server fully configured, with at least 2 network interfaces, one connected (or that can go) to the internet and one dedicated to the Thin Client Network. The following steps assume that the Thin Client Server is also installed as the gateway. It is, however, possible to use the same steps on the network gateway to allow the Server and the Clients to connect to the internet.
So how do you do it?
The ideas
The conceptual steps are:
- Ensure the LTSP server has internet access and the clients boot on the LTSP network.
- Ensure the PC on the LTSP network has the LTSP server as default gateway.
- Ensure the LTSP server will route requests out to its main network.
- Ensure response traffic will get successfully routed back to the client by NATing (aka ip masquerading) the outgoing traffic.
- Ensure the PC on the LTSP network can successfully make DNS requests.
Practical Instructions
Each of these steps matches the ideas above:
- Boot a standard thin client on the LTSP network and make sure it can get web access. If this doesn't work, you need to go back to the LTSP setup first.
- Edit the DHCP settings on the LTSP server (in /etc/ltsp/dhcpd.conf), setting the routers option to the IP address of the LTSP server on the LTSP network, e.g.
    option routers 192.168.0.1;
  and restart the DHCP server:
    sudo /etc/init.d/dhcp3-server restart
  Test: Reboot the PC to ensure it picks this up, and examine the default route (on Linux, type route -n).
- On the LTSP server, edit /etc/sysctl.conf and either add this line or uncomment it if it's already there:
    net.ipv4.ip_forward=1
  then, to make the setting take effect immediately, run
    sudo sysctl -w net.ipv4.ip_forward=1
- Enable masquerading. By default the LTSP network uses 192.168.0.0/24. Remember to change the example to fit your network setup. Use a command like:
    sudo iptables --table nat --append POSTROUTING --jump MASQUERADE --source 192.168.0.0/24
  to enable NAT. Test: ping the DNS server on the main network.
- Edit the DHCP settings on the LTSP server, as above, setting the dns option to the IP address of the main network dhcp server, e.g.
    option domain-name-servers 10.0.0.1;
  and again restart the DHCP server. Test: Reboot the PC to ensure it picks this up, and check that it has the correct DNS server. Try pinging a real-world server by name, e.g.
    ping www.ubuntu.com
At this point, unless there are some issues upstream (eg firewall rules on the main router), you should be able to get internet access on the PC on the ltsp network.
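The server-side steps above can be checked from saved command output and the DHCP configuration text. The script below is an added example, not part of the original wiki page; its function names are hypothetical, and the addresses are the example values used in the steps (192.168.0.0/24, 192.168.0.1, 10.0.0.1).

```shell
#!/bin/sh
# Added example, not from the wiki page. Checks read captured text, so they
# also work on output saved from the LTSP server.
LTSP_NET=192.168.0.0/24 LTSP_GW=192.168.0.1 DNS_IP=10.0.0.1  # the page's example values

# stdin: dhcpd.conf text; $1: option name. Prints the first value, comments ignored.
dhcp_option() {
    sed 's/#.*//' | awk -v opt="$1" '
        $1 == "option" && $2 == opt { v = $3; sub(/[,;]$/, "", v); print v; exit }'
}

# stdin: `iptables-save -t nat` output; $1: source subnet.
# Prints how many POSTROUTING rules masquerade exactly that subnet.
masq_rules() {
    awk -v net="$1" '
        $1 == "-A" && $2 == "POSTROUTING" {
            src = ""; jump = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") jump = $(i + 1)
            }
            if (src == net && jump == "MASQUERADE") n++
        }
        END { print n + 0 }'
}

tally() {  # $1 actual, $2 expected, $3 label
    if [ "$1" = "$2" ]; then echo "ok   $3"; else echo "FAIL $3 (got '$1')"; fails=$((fails + 1)); fi
}

# $1: `sysctl -n net.ipv4.ip_forward` output, $2: nat table dump, $3: dhcpd.conf text.
# Prints one line per step and returns the number of failed steps.
audit() {
    fails=0
    tally "$(printf '%s\n' "$3" | dhcp_option routers)" "$LTSP_GW" "clients get the server as gateway"
    tally "$(printf '%s' "$1" | tr -d '[:space:]')" 1 "ip forwarding enabled"
    tally "$(printf '%s\n' "$2" | masq_rules "$LTSP_NET")" 1 "exactly one MASQUERADE rule for $LTSP_NET"
    tally "$(printf '%s\n' "$3" | dhcp_option domain-name-servers)" "$DNS_IP" "clients get the DNS server"
    return "$fails"
}

# Constructed sample input (not captured from a real server).
SAMPLE_NAT='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
COMMIT'
SAMPLE_DHCP='# option routers 10.9.9.9;
option routers 192.168.0.1;
option domain-name-servers 10.0.0.1;'
audit 1 "$SAMPLE_NAT" "$SAMPLE_DHCP"
```

A count of 2 or more for the MASQUERADE check means the --append command was run more than once; a count of 0 after a reboot means the rule was never saved and restored.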
ThinClientHowtoNAT (last edited 2009-07-23 23:21:16 by fupi)