A modern AMD64 Bit Server can use 8 GB RAM for little extra cost nowadays. This amount of memory can be used to run two classrooms at the same time. To cascade switches produces a bottleneck situation. We recommend using an additional Network Interface card for the second switch. A fully built up system would look like this:

• eth0 for first classroom 192.168.0.0/24
• eth1 for second classroom 192.168.1.0/24
• eth2 for Internet if available

This is our /etc/network/interfaces configuration:

auto eth0
iface eth0 inet static
address 192.168.0.250
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 192.168.0.1
dns-search linux4afrika.local

auto eth1
iface eth1 inet static
address 192.168.1.250
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255

auto eth2
iface eth2 inet dhcp

Additionally /etc/dhcp3/dhcpd.conf must support two networks:

# x2go thin client range for eth0
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.100 192.168.0.199;
filename "/pxelinux.0";
next-server 192.168.0.250;
}

#x2go thin client range for eth1
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.100 192.168.1.199;
filename "/pxelinux.0";
next-server 192.168.1.250;
option routers 192.168.1.250;
}

By default ipforwarding is turned off. As a result, clients cannot connect from one classroom to the other. All clientshowever reach both server NICs, making daemons like LDAP, Proxy, NFS etc. available for everybody.

If an administrator needs this access he/she will need to setup manually:

echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE