Network services
5.1. Network services in eBox
As in Chapter 4, network services are an abstraction that eases the management of your network. Each network service describes the set of Internet-protocol ports on which a service accepts requests. Giving it a name plus an optional description lets you manage network service policies more intuitively and with fewer errors.
Network services are used by the firewall module (Chapter 6) and the traffic shaping module (Chapter 19). Following the eBox philosophy, every feature that works with a network service must use this module, which keeps administration simple.
To manage network services, go to .
As you may notice, several services have already been created by eBox for you; they are used later by eBox modules. For instance, the dhcp service is described as an internal service called 'Dynamic Host Configuration Protocol'. This service is read-only, as it is already managed automatically by the dhcp module. Each service has a configuration that sets the service protocol and the well-known source and destination ports. There are three special services that define the generic abstraction for every service (any) and for every TCP/UDP service. They exist so that rules defined in other modules that depend on network services can be handled easily.
You may create a new service with the following elements:
- Service name
The name that uniquely identifies this service in the system.
- Description
An optional verbose description of the network service, to ease administration.
- Internal
When a network service is marked as internal, the protocol/port pairs owned by this service are set as busy, that is, not available for other services to use.
- Configuration
The service configuration is a multi-valued setting; each value may contain these three elements:
- Protocol
The Internet protocol, which may be one of: TCP/UDP, TCP, UDP, GRE, ICMP or "any". If the protocol is GRE or ICMP, no port may be set, because these protocols have no port concept.
- Source port
A well-known source port may be one of the following:
  - Any: indicates any port for that protocol or set of protocols
  - Single port: indicates a single port for that protocol or set of protocols
  - Port range: indicates a range of ports, all of them included, for that protocol or set of protocols
- Destination port
The same options as for the source port apply to the destination port.
You might inspect the system-defined services before adding your own. A user-defined service is typically created when an additional network service is installed on top of an eBox installation, for example an FTP (File Transfer Protocol) service.
Example 5.1. Service configuration example
Service name. ftp
Description. File Transfer Protocol
Internal. yes
Configuration:
protocol: tcp, source port: any, destination port: 20 (defines the control connection channel)
protocol: tcp, source port: any, destination port: 21 (defines the data flow connection channel)
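The fields described above and Example 5.1, as an added worked example that is not part of the eBox documentation or of eBox's own code: a small Python model of service definitions that enforces the rules this page states (GRE and ICMP entries reject ports, a port specification is any/single/range, internal services reserve their protocol/port pairs and a new service that collides with a busy pair is refused, and a module-managed service is read-only). All class and function names are illustrative assumptions, as are the UDP 67-68 ports given to the constructed dhcp entry and the choice to key busy pairs on the destination port.

```python
# Added example (not eBox code): a model of network service definitions that
# enforces the rules described on this page. All names are illustrative.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

PROTOCOLS = {"tcp/udp", "tcp", "udp", "gre", "icmp", "any"}
PORTLESS = {"gre", "icmp"}  # these protocols have no ports, so none may be set

PortRange = Optional[Tuple[int, int]]  # None stands for "any"


def parse_port(spec: str) -> PortRange:
    """Accept 'any', a single port ('21') or a range ('20-21')."""
    spec = spec.strip().lower()
    if spec == "any":
        return None
    lo, _, hi = spec.partition("-")
    low, high = int(lo), int(hi or lo)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"invalid port specification: {spec!r}")
    return (low, high)


@dataclass
class ServiceEntry:
    protocol: str
    source: PortRange
    destination: PortRange


def make_entry(protocol: str, source: str = "any", destination: str = "any") -> ServiceEntry:
    """Build one configuration row, rejecting ports on port-less protocols."""
    protocol = protocol.lower()
    if protocol not in PROTOCOLS:
        raise ValueError(f"unknown protocol: {protocol!r}")
    src, dst = parse_port(source), parse_port(destination)
    if protocol in PORTLESS and (src is not None or dst is not None):
        raise ValueError(f"{protocol} has no ports; source and destination must be 'any'")
    return ServiceEntry(protocol, src, dst)


@dataclass
class Service:
    name: str
    description: str = ""
    internal: bool = False   # internal: its protocol/port pairs become busy
    readonly: bool = False   # system-defined services managed by a module
    entries: List[ServiceEntry] = field(default_factory=list)


def _expand(protocol: str) -> set:
    return {"tcp", "udp"} if protocol == "tcp/udp" else {protocol}


def _protocols_overlap(a: str, b: str) -> bool:
    return "any" in (a, b) or bool(_expand(a) & _expand(b))


def _ports_overlap(a: PortRange, b: PortRange) -> bool:
    if a is None or b is None:  # "any" overlaps everything
        return True
    return a[0] <= b[1] and b[0] <= a[1]


class ServiceRegistry:
    """Holds services and refuses ones that collide with busy (internal) pairs."""

    def __init__(self) -> None:
        self.services: Dict[str, Service] = {}

    def busy_conflicts(self, candidate: Service) -> List[str]:
        """Internal entries whose protocol/destination port the candidate overlaps.
        Assumption: busy pairs are keyed on the destination port."""
        found = []
        for other in self.services.values():
            if not other.internal or other.name == candidate.name:
                continue
            for e in candidate.entries:
                for o in other.entries:
                    if _protocols_overlap(e.protocol, o.protocol) and _ports_overlap(e.destination, o.destination):
                        found.append(f"{other.name}: {o.protocol} -> {o.destination or 'any'}")
        return found

    def add(self, service: Service) -> None:
        if service.name in self.services:
            raise ValueError(f"service {service.name!r} already exists")
        conflicts = self.busy_conflicts(service)
        if conflicts:
            raise ValueError(f"ports busy: {conflicts}")
        self.services[service.name] = service

    def remove(self, name: str) -> None:
        if self.services[name].readonly:
            raise PermissionError(f"{name} is managed by a module and is read-only")
        del self.services[name]


def example_registry() -> ServiceRegistry:
    """Constructed registry: a read-only dhcp service and Example 5.1's ftp service."""
    reg = ServiceRegistry()
    reg.add(Service("dhcp", "Dynamic Host Configuration Protocol", internal=True, readonly=True,
                    entries=[make_entry("udp", "67-68", "67-68")]))  # ports assumed for the example
    reg.add(Service("ftp", "File Transfer Protocol", internal=True,
                    entries=[make_entry("tcp", "any", "20"), make_entry("tcp", "any", "21")]))
    return reg


if __name__ == "__main__":
    reg = example_registry()
    clash = Service("myproxy", entries=[make_entry("tcp/udp", "any", "21")])
    print(reg.busy_conflicts(clash))  # ftp owns tcp/21, so this lists one conflict
```

The registry check mirrors what the Internal flag buys you: once ftp is internal, a later service that tries to claim TCP port 21 (even through the TCP/UDP combined protocol) is rejected before it can reach the firewall or traffic shaping rules, and the module-managed dhcp service cannot be removed from the user side.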