Talk:XS Configuration Management: Difference between revisions

From OLPC
Revision as of 03:48, 17 January 2008

Hi, just wondering about a firewall function in the XS server, i.e., with dual NICs using one 'real' IP on ETH0 and then all school PCs are assigned a 10.x.x.x address via DHCP on ETH1. IPTables would take care of the routing between interfaces.

There can be a firewall there, but there isn't. Unlike the Windows world, we expect our laptops to protect themselves. There is often going to be a NAT functionality (in IPv4), but we are working to provide IPv6 tunneling to allow school laptops to be full-fledged residents of the Internet.

That said, there will be some application proxies at the servers (hooked in using iptables). HTTP cache for sure, and possibly others. These are only contemplated if they greatly improve the performance of the network at little cost to a particular and well-known application. --Wad 22:48, 16 January 2008 (EST)