Now, I am aware that there's a very good reason for the system James describes not to have an internet connection, but with a few precautions system safety can remain uncompromised. The first action is to install a 2nd network card. I assume the server, as it's a stand-alone device, also runs a DHCP and DNS server. The latter is of no concern (and may even be omitted at James' workplace) but the former will play a role in securing the system against unwanted attention. This new network card will be connected to the company network and must be declared in /etc/network/interfaces as obtaining an IP address of said network via its DHCP server. However, it should not do so automatically!
The next step involves some scripting (I'll leave that to James) to do the following:
- check if all clients have released their leases on the DHCP server of the stand-alone system
- start eth1, update the mirror, then shut down eth1 again
With a bit more scripting this can be expanded to include the latest updates to the 4 LAN machines James referred to, by having the mirror update early in the weekend, when traffic levels at most company networks are low, and using WoL (Wake on LAN) packets to wake the machines about 2 hrs before workers are scheduled to arrive Monday morning and push the updates on each machine (in effect: having the script log in on each machine and force a dist-upgrade).
Do note that although the server has 2 NICs, it is not a proxy! As there are no bridging rules to route traffic from the internal LAN to the company network (or vice versa) no machine on this LAN will have a connection to the internet, even if it were online during the time the mirror is updating itself!
I hope Mr Grant will read this and give it a try, and perhaps others in a similar situation will find it of benefit too. I could have written in to LXF, but this is so much more convenient (and direct).
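
One way to script the two steps listed above, as an added example that is not part of the original post. It assumes ISC dhcpd with its lease log at /var/lib/dhcp/dhcpd.leases, ifupdown's `ifup`/`ifdown`, and `apt-mirror` as the mirror tool (none of these are named in the post), and it adds a check that IPv4 forwarding is off before the second NIC comes up.

```shell
#!/bin/sh
# Added example. Assumed, not from the post: ISC dhcpd lease log path,
# ifupdown (ifup/ifdown), and apt-mirror as the mirror updater.
LEASES=${LEASES:-/var/lib/dhcp/dhcpd.leases}
UPLINK=${UPLINK:-eth1}                 # company-facing NIC, no "auto" stanza
MIRROR_CMD=${MIRROR_CMD:-apt-mirror}   # substitute your own mirror command

# Count IPs whose most recent record is "binding state active".
# dhcpd appends records to the log, so the last one per IP is authoritative.
# Lines such as "next binding state free;" are deliberately not matched.
active_leases() {
    awk '
        $1 == "lease" && $3 == "{"       { ip = $2 }
        $1 == "binding" && $2 == "state" { sub(/;$/, "", $3); state[ip] = $3 }
        END { for (i in state) if (state[i] == "active") n++; print n + 0 }
    ' "$1"
}

# Succeeds only if the kernel is not forwarding IPv4 between interfaces.
forwarding_off() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}")" = "0" ]
}

run_update() {
    # Fail closed: an unreadable lease log aborts the run.
    n=$(active_leases "$LEASES") || return 1
    if [ "$n" -ne 0 ]; then
        echo "refusing: $n client lease(s) still active" >&2
        return 1
    fi
    if ! forwarding_off; then
        echo "refusing: IPv4 forwarding is enabled" >&2
        return 1
    fi
    # Take the uplink down again however the script ends.
    trap 'ifdown "$UPLINK"' EXIT
    trap 'exit 1' INT TERM
    ifup "$UPLINK" || return 1
    $MIRROR_CMD
}

# Only touch the network when asked to explicitly.
if [ "${1:-}" = "--run" ]; then
    run_update
fi
```

Run it as root with `--run` from cron at the weekend; without that argument it only defines the functions and changes nothing.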