Linux Terminals @ OSU
Presenting: Karl Vollmer
Implemented By: Brian Staffenson
karl.vollmer@oregonstate.edu / irc.oregonstate.edu #osu-id

What we have
- 13 Residence Halls
- 4 Cooperative Houses
- 3900 Beds
- 3500+ Students
- 1600 Summer Conference guests
- Two computers in every residence hall, w/ CRT

Previous Setup
- Independent Linux boxes running Debian
- Updates were pushed via rsync
- HDDs in every computer
- Regular incidents of vulgar material left on terminals

Objectives
- Reduce power consumption and complexity
- Centralize updates and make changes faster
- Increase uptime and prevent tampering
- Increase lifetime of components

Linux Terminal Server Project
- Wiki: http://wiki.ltsp.org/twiki/bin/view/Ltsp/WebHome
- Downloads: http://wiki.ltsp.org/twiki/bin/view/Ltsp/DownLoads

Our Configuration
- Firefox launches on boot
- HDD, CD-ROM and floppy disk drives removed
- 2 minutes of inactivity resets the web browser and clears any changes
- Screensaver images are pulled from a network share, making updates easy

Required Resources
- Server: Dell GX270 w/ 1 GB RAM and two network cards
- Current clients: Dell GX260s
- Previous clients: GX150 (866 MHz), 256 MB of RAM
- Switches supporting VLANs between client and server

IP Tables Script

    #!/bin/sh
    # IPTABLES PROXY script for the Linux 2.4 kernel.
    printf '\n\nSETTING UP IPTABLES PROXY...\n'

    # SET THE INTERFACE DESIGNATION FOR THE NIC CONNECTED TO YOUR INTERNAL NETWORK
    INTIF="eth1"

    # SET THE INTERFACE DESIGNATION FOR YOUR "EXTERNAL" (INTERNET) CONNECTION
    EXTIF="eth0"

    # SET YOUR EXTERNAL IP ADDRESS
    # (not referenced by the rules below; MASQUERADE uses the interface address)
    EXTIP="10.13.37.0"

    echo "Loading required stateful/NAT kernel modules..."
    /sbin/depmod -a
    /sbin/modprobe ip_tables
    /sbin/modprobe ip_conntrack
    /sbin/modprobe ip_conntrack_ftp
    /sbin/modprobe ip_conntrack_irc
    /sbin/modprobe iptable_nat
    /sbin/modprobe ip_nat_ftp
    /sbin/modprobe ip_nat_irc

    echo " Enabling IP forwarding..."
    echo "1" > /proc/sys/net/ipv4/ip_forward
    echo "1" > /proc/sys/net/ipv4/ip_dynaddr

    # Clearing any existing rules and setting default policy.
    # INPUT and OUTPUT stay at ACCEPT, so traffic to and from the server itself
    # is not filtered; only forwarded (client) traffic defaults to DROP.
    iptables -P INPUT ACCEPT
    iptables -F INPUT
    iptables -P OUTPUT ACCEPT
    iptables -F OUTPUT
    iptables -P FORWARD DROP
    iptables -F FORWARD
    iptables -t nat -F

    # FWD: Allow all connections OUT and only existing and related ones IN.
    # The first rule is an exception: it also accepts new inbound TCP port 22.
    iptables -A FORWARD -i "$EXTIF" -o "$INTIF" -p tcp --dport 22 -j ACCEPT
    iptables -A FORWARD -i "$EXTIF" -o "$INTIF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -i "$INTIF" -o "$EXTIF" -j ACCEPT

    # Enabling SNAT (MASQUERADE) functionality on $EXTIF
    iptables -t nat -A POSTROUTING -o "$EXTIF" -j MASQUERADE
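
A check that can be run against the ruleset the script above installs, as an added example that is not part of the original slides: it reads `iptables-save` text, reports the FORWARD policy, and lists every FORWARD rule that admits new connections from the external interface to the terminal side. The function names and the sample ruleset are constructed for illustration; the sample assumes eth0/eth1 as in the script.

```shell
#!/bin/sh
# Added example, not from the slides: audit the filter table of the NAT box.

# Constructed sample: iptables-save style output matching the slide's script
# (eth0 = external, eth1 = internal terminal network).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}

# Print the default policy of chain $1, read from iptables-save text on stdin.
chain_policy() {
    awk -v c=":$1" '$1 == c { print $2 }'
}

# Print FORWARD ACCEPT rules that admit NEW connections from interface $1
# (external) to interface $2 (internal). A rule counts if it has no state
# match, or its state list includes NEW. A missing -i/-o matches any
# interface. Negated matches ("! -i") are not handled.
inbound_new_rules() {
    awk -v ext="$1" -v lan="$2" '
    $1 == "-A" && $2 == "FORWARD" {
        in_if = ""; out_if = ""; target = ""; state = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            else if ($i == "-o") out_if = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
        }
        if (target != "ACCEPT") next
        if (in_if != "" && in_if != ext) next
        if (out_if != "" && out_if != lan) next
        if (state == "" || state ~ /NEW/) print
    }'
}

echo "FORWARD policy: $(sample_rules | chain_policy FORWARD)"
echo "Rules admitting new inbound connections (eth0 -> eth1):"
sample_rules | inbound_new_rules eth0 eth1
```

On a live server, replace `sample_rules` with `iptables-save -t filter`; any rule printed is reachable from the external network without a prior outbound connection and should be there deliberately.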