1. Linux Terminals @ OSU Presenting: Karl Vollmer Implemented By: Brian Staffenson karl.vollmer@oregonstate.edu / irc.oregonstate.edu #osu-id

2. What we have 13 Residence Halls 13 Residence Halls 4 Cooperative Houses 4 Cooperative Houses 3900 Beds 3900 Beds 3500+ Students 3500+ Students 1600 Summer Conference guests 1600 Summer Conference guests Two Computer in every residence hall w/CRT Two Computer in every residence hall w/CRT

3. Previous Setup Independent Linux boxes running Debian Independent Linux boxes running Debian Updates were pushed via rsync Updates were pushed via rsync HDDs in every computer HDDs in every computer Regular incidents of vulgar material left on Regular incidents of vulgar material left on terminals terminals

4. Objectives Reduce power consumption and complexity Reduce power consumption and complexity Centralize updates and faster changes Centralize updates and faster changes Increase uptime and prevent tampering Increase uptime and prevent tampering Increased lifetime of components Increased lifetime of components

5. Linux Terminal Server Project Wiki: http://wiki.ltsp.org/twiki/bin/view/Ltsp/WebHome http://wiki.ltsp.org/twiki/bin/view/Ltsp/WebHomehttp://wiki.ltsp.org/twiki/bin/view/Ltsp/WebHome Downloads: http://wiki.ltsp.org/twiki/bin/view/Ltsp/DownLoads http://wiki.ltsp.org/twiki/bin/view/Ltsp/DownLoadshttp://wiki.ltsp.org/twiki/bin/view/Ltsp/DownLoads

6. Our Configuration Firefox launches on boot Firefox launches on boot HDD, CDRom & Floppy Disk removed HDD, CDRom & Floppy Disk removed 2 Min of inactivity resets the web browser 2 Min of inactivity resets the web browser and clears any changes and clears any changes Screensaver Images are pulled from Screensaver Images are pulled from network share making updates easy network share making updates easy

7. Required Resources Server: Dell GX270 w/1Gb ram and two network cards Server: Dell GX270 w/1Gb ram and two network cards Current Clients: Dell GX260’s, Current Clients: Dell GX260’s, Previous Clients: GX150 (866Mhz) 256mb of ram Previous Clients: GX150 (866Mhz) 256mb of ram Switches supporting VLANs between client and server Switches supporting VLANs between client and server

8. IP Tables Script #!/bin/sh # IPTABLES PROXY script for the Linux 2.4 kernel. echo -e "\n\nSETTING UP IPTABLES PROXY..." # SET THE INTERFACE DESIGNATION FOR THE NIC CONNECTED TO YOUR INTERNAL NETWORK INTIF="eth1" # SET THE INTERFACE DESIGNATION FOR YOUR "EXTERNAL" (INTERNET) CONNECTION EXTIF="eth0" # SET YOUR EXTERNAL IP ADDRESS EXTIP=“10.13.37.0" echo "Loading required stateful/NAT kernel modules..." /sbin/depmod -a /sbin/modprobe ip_tables /sbin/modprobe ip_conntrack /sbin/modprobe ip_conntrack_ftp /sbin/modprobe ip_conntrack_irc /sbin/modprobe iptable_nat /sbin/modprobe ip_nat_ftp /sbin/modprobe ip_nat_irc echo " Enabling IP forwarding..." echo "1" > /proc/sys/net/ipv4/ip_forward echo "1" > /proc/sys/net/ipv4/ip_dynaddr # Clearing any existing rules and setting default policy iptables -P INPUT ACCEPT iptables -F INPUT iptables -P OUTPUT ACCEPT iptables -F OUTPUT iptables -P FORWARD DROP iptables -F FORWARD iptables -t nat -F # FWD: Allow all connections OUT and only existing and related ones IN iptables -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 22 -j ACCEPT iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT # Enabling SNAT (MASQUERADE) functionality on $EXTIF iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

9. Questions?