Re: [K12OSN] [K12Ltsp] k12ltsp server as an internet firewall /

Eric Harrison (eharrison@mail.mesd.k12.or.us)
Mon, 18 Feb 2002 18:17:58 -0800 (PST)

Messages sorted by: [ date ][ subject ][ author ]
Next message: Eric Harrison "Re: [K12OSN] squid no_cache statement"
Previous message: Paul Nelson "Re: [K12OSN] Installation Problems of K12LTSP - 2.0"

On Mon, 18 Feb 2002, Bruce Huddleson wrote:

>On Fri, 2002-02-15 at 01:47, Julius Szelagiewicz wrote:
> > Dear Folks,
> > 	one of my expensive firewall / vpn / everything applaiances got
> > fried. i am not thrilled with spending money on a new one. i was thinking
> > of putting a k12ltsp server in its place. any advice on config? (firewall
>[snip]
>LTSP is a very open design - it really expects that the people on it are
>a trusted community. Don't even think of connecting an LTSP setup to all
>those nasty people on the internet without a firewall. To me, that means
>a dedicated box - which could be a cheap PC running one of the
>Linux-based firewall packages.
>
>John

It all depends on how paranoid you are. The default configuration of K12LTSP
expects two nics, one that is "open" to the internal network where the
terminals are and one that is firewalled off by default (permitting only
DHCP & SSH).

So in short, K12LTSP (with the default config) is firewalled from the big-bad
world. But, as an earlier poster pointed out, "defense in depth" is required
for a truely "secure" configuration. Where one firewall is good two is better.

-Eric

_______________________________________________
K12OSN mailing list
K12OSN@redhat.com
https://listman.redhat.com/mailman/listinfo/k12osn
For more info see

Next message: Eric Harrison "Re: [K12OSN] squid no_cache statement"
Previous message: Paul Nelson "Re: [K12OSN] Installation Problems of K12LTSP - 2.0"