Create and Manage Services

 

Introduction

This document goes over the specifics of creating and managing services in the NetFoundry Console. See Introduction to Services for an overview of services and how they work.

Manage Services

To manage your Services on the console, choose Manage Services from the navigation menu. From this page you can:

  • Create a new service
  • Edit existing services
  • Delete services

Click on a service row to edit it. Click the blue plus-sign in the upper right corner to create a new service. Use the ellipsis menu at the end of each row to take actions on an individual service. 

 

Creating a new service

From the Manage Services page, click the blue plus-sign icon to create a new service.  

 

 

Create a new IP Host Service

An IP Host service allows access to a single IP address, protocol, and one or more ports. It has the following attributes:

Service Name

A free-form text label to uniquely identify this service on your network

Gateway

Select the egress gateway closest to the service host. The host IP address must be reachable from this egress gateway.

IP Address

The real IP address of the service host, in dotted-quad format.

Port/Range

Specify the service port(s) on this host. You can name a single port, or a hyphen-separated range of ports (e.g. "1-1023").

Intercept IP Address

Specify an alternate IP address in dotted-quad format that clients will use to reach this service host, rather than using the real IP address. This is analogous to Destination NAT. For example, if you specify an IP address "10.0.0.1", and an intercept address "11.0.0.1", then clients must use 11.0.0.1 to reach the service. The egress gateway will translate the intercept address into the real address when forwarding the packet toward the service host.

Intercept Port/Range

Specify an alternate set of ports that clients will use to reach the host, similar to Intercept IP address. You must specify the same number of ports here that you entered in the Port/Range field. For example, if you specify port "80", and an intercept port "8080", then clients must use port 8080 to reach the service. The egress gateway will translate the intercept port into the real port when forwarding the packet toward the service host.

Protocol

Choose the protocol your service is using: TCP, UDP, or TCP/UDP

Advanced Options

Transparency, Enable Permanent Connection, Data Interleaving. See Advanced Options for more information.

 

Create a new IP Network Service

An IP Network Service permits access to an entire range of IP addresses on any protocol/port. It has the following attributes:

Service Name

A free-form text label to uniquely identify this service on your network

Gateway

Select the egress gateway closest to the network. The network must be reachable from this egress gateway.

Network Address

The real IP address(es) of the network range, in CIDR format.

Intercept Address

Specify an alternate IP address in dotted-quad format that clients will use to reach the first address in the range, rather than using the real IP addresses. This is analogous to Destination NAT. For example, if you specify a network address "10.0.0.0/24", and an intercept address "11.0.0.0", then clients must use the 11.0.0.0/24 address block to reach the 10.0.0.0/24 hosts. The egress gateway will translate the intercept address into the real address when forwarding the packet toward the service host.

Advanced Options

Enable ICMP Tunneling, Transparency, Enable DNS Tunneling, Enable Permanent Connection, Data Interleaving. See Advanced Options for more information.
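
The intercept translation described above for IP Host and IP Network services, as an added Python example that is not NetFoundry code. It assumes ports and addresses map by offset (first intercept value to first real value, and so on); the function names are hypothetical and the sample values are the page's own examples.

```python
# Added example: models the intercept-to-real translation described on this page.
# Assumption: ports and addresses map by offset (first to first, and so on).
import ipaddress


def parse_ports(spec):
    """Parse "80" or "1-1023" into an inclusive (low, high) tuple."""
    low, _, high = spec.strip().partition("-")
    low, high = int(low), int(high or low)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"invalid port or range: {spec!r}")
    return low, high


def translate_host(real_ip, ports, intercept_ip, intercept_ports, dst_ip, dst_port):
    """Map a client destination on an IP Host service to the real host.

    Returns (ip, port), or None if the packet does not match the intercept.
    """
    real_lo, real_hi = parse_ports(ports)
    icpt_lo, icpt_hi = parse_ports(intercept_ports)
    # The page requires the same number of ports in both fields.
    if real_hi - real_lo != icpt_hi - icpt_lo:
        raise ValueError("Port/Range and Intercept Port/Range differ in size")
    if ipaddress.IPv4Address(dst_ip) != ipaddress.IPv4Address(intercept_ip):
        return None
    if not icpt_lo <= dst_port <= icpt_hi:
        return None
    return str(ipaddress.IPv4Address(real_ip)), real_lo + (dst_port - icpt_lo)


def translate_network(network, intercept_first, dst_ip):
    """Map a client destination in the intercept block to the real network."""
    real_net = ipaddress.IPv4Network(network)
    first = ipaddress.IPv4Address(intercept_first)
    offset = int(ipaddress.IPv4Address(dst_ip)) - int(first)
    if not 0 <= offset < real_net.num_addresses:
        return None
    return str(real_net.network_address + offset)


if __name__ == "__main__":
    # Constructed sample values taken from the page's own examples.
    print(translate_host("10.0.0.1", "80", "11.0.0.1", "8080", "11.0.0.1", 8080))
    print(translate_network("10.0.0.0/24", "11.0.0.0", "11.0.0.37"))
```

Running a planned service definition through a check like this before entering it in the console shows exactly which client-facing addresses and ports will reach the real host, and catches a Port/Range and Intercept Port/Range size mismatch early.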

 

Create a new Ping Host Service

A Ping Host Service permits ICMP echo request and ICMP echo reply packets to the destination, without allowing any other protocols or ports. It has the following attributes:

Service Name

A free-form text label to uniquely identify this service on your network

Gateway

Select the egress gateway closest to the service host. The host IP address must be reachable from this egress gateway.

IP Address

The real IP address of the service host, in dotted-quad format.

Intercept IP Address

Specify an alternate IP address that clients will use to reach this service host, rather than using the real IP address. This is analogous to Destination NAT. For example, if you specify an IP address "10.0.0.1", and an intercept address "11.0.0.1", then clients must use 11.0.0.1 to reach the service. The egress gateway will translate the intercept address into the real address when forwarding the packet toward the service host.

Advanced Options

Enable Permanent Connection. See Advanced Options for more information.

 

 

Advanced Options

Each service type has one or more advanced options, but not all services support all advanced options. The default setting will work for most circumstances. Most of the time you can leave these values as-is unless a NetFoundry support engineer instructs you to change them.

Transparency

By default, the gateway hides the source IP address of the client and presents the gateway IP address as the source when the client accesses the target host for a service. Selecting the Transparency option presents the client's source IP address to the target host instead of the gateway IP address.

Enable Permanent Connection

The permanent connection option can reduce the time required to set up the initial service connection for a client. By default, the transport connection will time out after a period of time if there is no active data transfer. Selecting the permanent connection option can speed up the initial access to a service by creating an active transport connection.

Data Interleaving 

Selecting the data interleaving option can provide additional security, because data interleaving splits the data traffic of a session across several transport paths. It may affect total data throughput in certain cases, depending on packet sizes.

Enable ICMP (Ping) Tunneling

The selection of the Enable ICMP (Ping) tunneling option allows a ping to be tunneled through the host gateway to the target host. Only ICMP echo request/reply packets are supported. 

Enable DNS Tunneling

Selecting the Enable DNS Tunneling option allows clients to use the DNS resolver address(es) configured on the gateway to resolve DNS requests. The local client DNS lookup can be used in the event of a DNS request timeout from the gateway DNS resolver address(es).

 
