Educational ICT Virtualisation Specialist

Twitter LinkedIn E-mail
Precedence Technologies Ltd
Technology House, 36a Union Lane
Cambridge, CB4 1QB, United Kingdom
T: +44 (0)8456 446 800 / +44 (0)1223 359900
F: +44 (0)8456 446 899 / +44 (0)1223 359459
E: enquiries@precedence.co.uk
Firewalling

Jump To: Support > KB > NetManager > Firewalling

Firewalling

The NetManager includes a full kernel-level firewall offering extremely high security. The firewall controls both access to the NetManager services and traffic passing through the NetManager if used as a gateway. The firewall is also responsible for:

Configuration

Click here for details on configuring the NetManager firewall.

The firewall can run in 3 modes:

Completely open

In this mode, there is no filtering at all. It can be useful for testing whether a connectivity problem is firewall-related, but general this mode should never be used.

Filter inward traffic

This is the default setting. Internal networks (or, more explicitly, network ranges configured as Trusted) will be able to send traffic to the outside without any filtering, but no external computer will be able to access any resources on your NetManager (except send email by default).

Filter inward and outward traffic

If you need to block internal users from accessing resources directly on the Internet or you have a complicated internal network structure (e.g. guest access VLAN or admin network separate from curriculum) you may want to use this mode. For example, if you have an unfiltered Internet connection, then if NAT is enabled, all users will be able to unset the proxy settings in their browser and get unfiltered access. By filtering the outward traffic, you can block all internal computers from sending HTTP requests (port 80) to the outside and thus force users to use your proxy.

Connecting the NetManager

There are a number of ways to connect the NetManager and the rest of your network to the Internet. This will affect how much filtering you are able to do.

  1. NetManager, router and all computers are connected together and use the same IP address range. In the situation, the NetManager is effectively just another client and so is unable to do any filtering, i.e. all clients will have unfiltered access. The NetManager firewalling will still allow control access to the NetManager services.
  2. Bridged network. This is an extension of the situation above. Two or more networks cards in the NetManager are bridged and so it behaves like a network switch. The NetManager still has only a single IP address. The router is connected directly into the NetManager. All traffic passing through the NetManager can be controlled using the firewall. This is a great method of delivering security without having to re-configure any machines.
  3. Router connected directly to NetManager. Internal network(s) connected to other NetManager network card(s). All networks have different IP address ranges. This is a classic NATed connection. If NAT is enabled, internal computers will be able to contact the outside world. This access can be filtered. There will be no access from the outside to the Internal network unless Port Mapping is used.
© Copyright Precedence Technologies 1999-2017
Page last modified on May 28, 2012, at 03:07 PM by sborrill