Parent: UbuntuLTSP

This page has been moved from ThinClientHowtoNAT on 2009-07-23

Thin Client How-To NAT

This document explains how you configure an LTSP server to act as gateway for computers on the thin client network using Network Address Translation. If it seems long, it's only because we're trying to catch every possible scenario. There are six steps which include tests to make sure each one worked.

Traditional thin clients don't need this as their applications run on the LTSP server. This is generally only necessary if you have the LTSP server running with two interfaces, one facing the main network and internet, the other facing the thin clients. In that instance, for machines on the thin client network to get direct internet access (eg a thin client booted into windows, a local app on a thin client), they must use the LTSP server as a gateway.


You will need:

  • A Thin Client Server fully configured, with at least 2 network interfaces, one connected (or that can go) to the internet and one dedicated to the Thin Client Network.
  • To know the ip address of the LTSP server on the thin client network (we assume it's below, but it might not be).
  • To know the network address and netmask of your ltsp network. The default is, historically expressed as the pair of (,
  • To know the IP address of the DNS server on your main network (/etc/resolv.conf on the ltsp server should tell you that).
  • A normal PC (not thin client) you can plug into the ltsp network temporarily to run tests.

If you don't know the information above, you can find it out. Skip down to the section below on "information gathering".

So how do you do it?

The Ideas

The conceptual steps are:

  1. Ensure the LTSP server has internet access and the clients boot on the LTSP network.
  2. Set up a test PC on the thin client network.
  3. Ensure the PC on the LTSP network has the LTSP server as default gateway.
  4. Ensure the LTSP server will route requests out to its main network.
  5. Ensure response traffic will get successfully routed back to the client by setting up Network Address Translation (explanation on wikipedia).

  6. Ensure the PC on the LTSP network can successfully make DNS requests.

Practical Instructions

Each of these steps matches the ideas above. Please carry out the tests as you go, so you know you're on the right track:

  1. Sitting at the LTSP server itself, test its web access by opening firefox and going to some webpages, eg If this doesn't work, you need to go back to the basic ltsp server setup first.

  2. Boot a normal PC (not a thin client) on the thin client network. A laptop or desktop running windows or linux is fine. Test web access. It should not work. If it does work, you've either already got NAT working, or something else is wrong.
  3. Edit /etc/ltsp/dhcpd.conf (sudo gedit /etc/ltsp/dhcpd.conf) setting the routers option to the ip address of the ltsp server on the ltsp network. eg

       option routers;

    and restart the dhcp server

       sudo /etc/init.d/dhcp3-server restart

    ON 11.10 restart the dhcp server

       sudo /etc/init.d/ish-dhcp-server restart

    Test: Reboot the test PC on the thin client network and check if it sees the new default gateway (on linux type ip route and look at the line beginning "default"; on windows type "route print" into a command prompt and look for default gateway).

  4. On the LTSP server edit /etc/sysctl.conf (sudo gedit /etc/sysctl.conf) and either add this line or uncomment if it's already there:


    which will take effect at next server reboot. To make the setting effective immediately, now run the command

       sudo sysctl -w net.ipv4.ip_forward=1
  5. Enable network address translation. By default the ltsp network address/mask is Remember to change the example to fit your network setup. Use a command like:

       sudo iptables --table nat --append POSTROUTING --jump MASQUERADE  --source

    to enable NAT. To make this setting permanent run

       sudo sh -c 'iptables-save > /etc/ltsp/nat'

    and add the extra line up iptables-restore < /etc/ltsp/nat to the bottom of the eth0 (or whichever is your LTSP interface) stanza of /etc/network/interfaces so it looks something like

    auto eth0
    iface eth0 inet static
            up iptables-restore < /etc/ltsp/nat

    . This creates a script called /etc/ltsp/nat which restores the NAT next time the eth0 network interface comes up. Test: ping the dns server on the main network from the test PC.

  6. Again, edit /etc/ltsp/dhcpd.conf, as above, setting the dns option to the ip address of the main network DNS server (listed in /etc/resolv.conf on the LTSP server beside the word "nameserver"), eg

       option domain-name-servers;

    and again restart the dhcp server

       sudo /etc/init.d/dhcp3-server restart

    . Test: Reboot the test PC again, to update its DNS server. Try pinging a real world server from the test PC by name, eg


At this point, unless there are some issues upstream (eg firewall rules on the main router), you should be able to get internet access on the PC on the ltsp network AND on your thin clients.

Information Gathering

If you don't know the information needed above, here are some tricks to find out:

  • The main DNS Server is listed in /etc/resolv.conf on the LTSP server beside the word "nameserver". If there's more than one, just choose the top one.

    search lan 
  • The IP address and network address/mask of your LTSP server on the thin client network is usually and by default. The command ip route on the LTSP server will list all of this:

    gavin@robin ~> ip route dev eth0  proto kernel  scope link  src dev eth1  proto kernel  scope link  src dev eth0  scope link  metric 1000 
    default via dev eth1  metric 100
    The first two lines tell you there are two networks visible directly to the LTSP server and the network address and netmask of those networks. One is the main network, one is the ltsp network. The last line, "default" tells you where the ltsp server goes when it wants the internet. It goes to eth1, so eth1 must be the main network and eth0 must be the ltsp network. The "src" at the end of the first two lines is the ltsp server's IP address on that network. So, in this example, the default route is to eth1 so that's my main network. eth0 must then be my LTSP network which has network address/mask of and the server's ip on that network is

Still not working???

If these steps fail or you find them confusing, please email and we'll help you through it in person as well as try and improve this page for future users.


UbuntuLTSP/ThinClientHowtoNAT (last edited 2012-07-24 19:13:10 by wirelessben)