
Configuring the NetManager firewall

Go to Network > Firewall in webadmin. You will see four tabs:

Mode tab

Allows you to switch between the different firewall modes. If set to Completely open, the other settings will have no effect.

Trusted networks tab

This tab allows you to configure trusted networks from which all traffic will be allowed through the firewall.

Incoming ports tab

Normally, all services (except for SMTP mail) will be blocked to the outside world (or, more specifically, to any untrusted network). This tab allows you to open up access from anywhere to certain pre-defined services simply by ticking a box and clicking Set ports. These are the pre-defined services and port numbers:

  • File Transfer (FTP) - 20,21
  • Command line (telnet) - 23
  • Secure shell and tunnelling (SSH) - 22
  • Web server (HTTP) - 80
  • Name server (DNS) - 53
  • VNC - 5900-5903
  • Microsoft Terminal Services (RDP) - 3389
  • Citrix MetaFrame (ICA) - 1494
  • Mailboxes via IMAP - 143
  • Mailboxes via POP3 - 110
  • Reception of mail via SMTP - 25
  • Jabber Instant Messaging/Chat (from client) - 5222
  • Jabber Instant Messaging/Chat (from other server) - 5269
  • Secure web server (HTTPS) - 443

When setting up Port Mapping, access for those mapped ports will usually be configured in the Port Mapping section.

Custom configuration tab

If you need finer control than that offered by the settings on Port Mapping or Incoming ports, the Custom configuration tab allows you to create allow/deny rules for specific ports, protocols (UDP vs TCP), network ranges and hosts. For example:

Allow In TCP From 10.20.30.0/24 to Network 192.168.1.0/24 on port 80

All traffic flowing through the NetManager (that isn't already allowed) is subject to these rules. This includes NATted traffic and traffic from VPNs. This is particularly useful when setting up a locked-down Guest Wireless network.
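
The following is an added example, not NetManager code or part of the original page: a small Python model of which packets the example rule above covers. The one-line rule text format, the first-match ordering and the default-deny fallback are assumptions made for illustration, and the second rule and the sample packets are constructed.

```python
import ipaddress
import re
from typing import NamedTuple

# Assumed one-line text form, modelled on the page's example rule.
RULE_RE = re.compile(
    r"^(allow|deny) (in|out) (tcp|udp) from (\S+) to network (\S+) on port (\d+)$",
    re.IGNORECASE)

class Rule(NamedTuple):
    action: str
    direction: str
    proto: str
    src: object  # ipaddress network object
    dst: object  # ipaddress network object
    port: int

def parse_rule(line):
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised rule: {line!r}")
    action, direction, proto, src, dst, port = m.groups()
    if not 1 <= int(port) <= 65535:
        raise ValueError(f"port out of range: {port}")
    # ip_network() is strict: 10.20.30.5/24 (host bits set) raises ValueError,
    # so a mistyped range is rejected rather than guessed at.
    return Rule(action.lower(), direction.lower(), proto.lower(),
                ipaddress.ip_network(src), ipaddress.ip_network(dst), int(port))

def decide(rules, direction, proto, src_ip, dst_ip, port, default="deny"):
    """Return the action of the first matching rule (assumed ordering),
    or `default` when nothing matches (assumed fallback)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if (r.direction == direction.lower() and r.proto == proto.lower()
                and src in r.src and dst in r.dst and r.port == port):
            return r.action
    return default

# The page's example rule plus one constructed deny rule for the same range.
RULES = [parse_rule(line) for line in (
    "Deny In TCP From 10.20.30.0/24 to Network 192.168.1.0/24 on port 22",
    "Allow In TCP From 10.20.30.0/24 to Network 192.168.1.0/24 on port 80",
)]

if __name__ == "__main__":
    # Constructed sample packets: (protocol, source, destination, port)
    for pkt in (("tcp", "10.20.30.7", "192.168.1.10", 80),
                ("udp", "10.20.30.7", "192.168.1.10", 80),
                ("tcp", "10.20.31.7", "192.168.1.10", 80),
                ("tcp", "10.20.30.7", "192.168.1.10", 22)):
        print(pkt, "->", decide(RULES, "in", *pkt))
```

Only the first packet is allowed: the rule is specific to TCP, to the /24 source range and to port 80, so the UDP packet, the neighbouring 10.20.31.0/24 source and the SSH port all fall through to deny.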

© Copyright Precedence Technologies 1999-2024
Page last modified on May 28, 2012, at 03:22 PM by sborrill