Talk:XS Configuration Management: Difference between revisions
Jump to navigation
Jump to search
m (Firewall function) |
No edit summary |
||
Line 1: | Line 1: | ||
Hi, just wondering about a firewall function in the XS server, ie; with dual NIC's using one 'real' IP on ETH0 and then all school PC's are assigned a 10.x.x.x address via DHCP on ETH1. IPTables would take of the routing between interfaces. |
Hi, just wondering about a firewall function in the XS server, ie; with dual NIC's using one 'real' IP on ETH0 and then all school PC's are assigned a 10.x.x.x address via DHCP on ETH1. IPTables would take of the routing between interfaces. |
||
:There can be a firewall there, but there isn't. Unlike the windows world, we expect our laptops to protect themselves. There is often going to be a NAT functionality (in IPv4), but we are working to provide IPv6 tunneling to allow school laptops to be full=fledged residents of the Internet. |
|||
:That said, there will be ''some'' application proxies at the servers (hooked in using iptables). HTTP cache for sure, and possibly others. These are only contemplated if they greatly improve the performance of the network at little cost to a particular and well-known application. --[[User:Wad|Wad]] 22:48, 16 January 2008 (EST) |
Revision as of 03:48, 17 January 2008
Hi, just wondering about a firewall function in the XS server, ie; with dual NIC's using one 'real' IP on ETH0 and then all school PC's are assigned a 10.x.x.x address via DHCP on ETH1. IPTables would take of the routing between interfaces.
- There can be a firewall there, but there isn't. Unlike the windows world, we expect our laptops to protect themselves. There is often going to be a NAT functionality (in IPv4), but we are working to provide IPv6 tunneling to allow school laptops to be full=fledged residents of the Internet.
- That said, there will be some application proxies at the servers (hooked in using iptables). HTTP cache for sure, and possibly others. These are only contemplated if they greatly improve the performance of the network at little cost to a particular and well-known application. --Wad 22:48, 16 January 2008 (EST)