I have an LTSP subnet (192.168.0.0/24) and want to disable NAT for every client except one client.

The purpose is to deny (on demand) access to the internet from student clients, but always allow it from the unique teacher client.

The IP of the client used by the teacher is always the same: 192.168.0.253

The LTSP subnet is connected to eth1, while internet comes from eth0 (this NIC is connected to a router placed between the LAN: 10.0.0.0/8 and WAN school backbone: 172.16.0.0/12).

My distro (debian-edu) includes an /etc/init.d script named enable-nat that I would like to use for this purpose.

Basically it uses two functions:

When service START:

do_start()
{
  /sbin/iptables -t nat -A POSTROUTING -s $NETWORK_TO_NAT -o $OUTSIDE_IF -j MASQUERADE
}

When service STOP:

do_stop()
{
  /sbin/iptables -F -t nat
}

I was wondering how I can implement what I want using this script.

Thanks in advance

user2452426

1 Answer

Just replace $NETWORK_TO_NAT with the IP address of the client you want to NAT.

Tero Kilkanen
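
One way to apply this answer so that the teacher's rule survives when student NAT is switched off, as an added example that is not part of the original answer or of the debian-edu script. The function names and the students-allow/students-deny actions are hypothetical; the addresses and interface are taken from the question.

```shell
#!/bin/sh
# Added example: not the debian-edu enable-nat script. Addresses and the
# interface come from the question; the function names are hypothetical.
IPTABLES="${IPTABLES:-/sbin/iptables}"
OUTSIDE_IF="${OUTSIDE_IF:-eth0}"
NETWORK_TO_NAT="${NETWORK_TO_NAT:-192.168.0.0/24}"   # student clients
TEACHER_IP="${TEACHER_IP:-192.168.0.253}"            # always NATed

# Rule specification (everything after -A/-C/-D) for one source address.
nat_rule() {
    echo "POSTROUTING -s $1 -o $OUTSIDE_IF -j MASQUERADE"
}

# Append the rule only if -C (check) says it is not there yet, so that
# repeated "start" calls do not stack duplicates.
ensure_rule() {
    $IPTABLES -t nat -C $(nat_rule "$1") 2>/dev/null ||
        $IPTABLES -t nat -A $(nat_rule "$1")
}

# Delete only this rule (every copy of it) instead of flushing the table,
# which would also drop the teacher rule and any unrelated NAT rules.
remove_rule() {
    while $IPTABLES -t nat -C $(nat_rule "$1") 2>/dev/null; do
        $IPTABLES -t nat -D $(nat_rule "$1") || return 1
    done
}

do_start()       { ensure_rule "$TEACHER_IP"; }      # teacher only
students_allow() { ensure_rule "$NETWORK_TO_NAT"; }  # on demand
students_deny()  { remove_rule "$NETWORK_TO_NAT"; }  # teacher rule stays
do_stop()        { remove_rule "$NETWORK_TO_NAT"; remove_rule "$TEACHER_IP"; }

# Dispatch on the init-script action; no argument means "define only".
case "${1:-}" in
    start)          do_start ;;
    stop)           do_stop ;;
    students-allow) students_allow ;;
    students-deny)  students_deny ;;
esac
```

Removing the MASQUERADE rule only stops address translation, not forwarding: student traffic is cut off only as long as the upstream router has no return route to 192.168.0.0/24.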