High-level Zentyal abstractions

Network objects

Network objects are a way to represent network elements or groups of them. They simplify network configuration and make it easier to manage: a network object lets you give an easily recognizable name to an element or a group of elements and apply the same configuration to all of them.

For example, you can give a recognizable name to an IP address or a group of them. Instead of defining the same firewall rule for each IP address, it is enough to define it for the network object that contains the addresses.

[Figure: Representation of a network object]

Management of Network objects with Zentyal

To start working with Zentyal objects, go to the Objects section. Initially you will see an empty list; it shows the name of each object and a series of actions you can carry out on each one of them. You can create, edit and delete objects that will be used later by other modules.

[Figure: Network objects]

Each of these objects consists of a series of members that you can modify at any time. Each member must have at least the following values: Name, IP Address and Netmask. The MAC address is optional; logically, you can only use it on members that represent a single host, and it will be applied when the MAC address is accessible.

[Figure: Add a new member]

The members of one object can overlap with members of other objects, so you must be careful when using them in other modules to obtain the desired configuration and avoid problems.
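
The overlap described above can be checked before objects are referenced from firewall rules. The following is an added example, not part of Zentyal or its documentation: the object names, member names and addresses are constructed sample data, and the dictionary layout is an assumption, not Zentyal's storage format.

```python
import ipaddress
from itertools import combinations

# Constructed sample data (assumed layout, not Zentyal's own format):
# object name -> list of members as (member name, IP address, netmask).
OBJECTS = {
    "Accounting": [("acct-lan", "192.168.10.0", "255.255.255.0")],
    "Printers": [
        ("printer-1", "192.168.10.50", "255.255.255.255"),
        ("printer-2", "192.168.20.50", "255.255.255.255"),
    ],
    "Servers": [("srv-lan", "10.0.0.0", "255.255.255.0")],
}


def member_network(ip, netmask):
    """Turn a member's IP address and netmask into an ip_network value.

    strict=False tolerates a host address entered with a network mask,
    e.g. 192.168.10.5 / 255.255.255.0 becomes 192.168.10.0/24.
    """
    return ipaddress.ip_network(f"{ip}/{netmask}", strict=False)


def find_overlaps(objects):
    """Return (object_a, member_a, object_b, member_b) tuples for every
    pair of members in *different* objects whose address ranges overlap."""
    flat = [
        (obj, name, member_network(ip, mask))
        for obj, members in objects.items()
        for name, ip, mask in members
    ]
    hits = []
    for (obj_a, mem_a, net_a), (obj_b, mem_b, net_b) in combinations(flat, 2):
        if obj_a != obj_b and net_a.overlaps(net_b):
            hits.append((obj_a, mem_a, obj_b, mem_b))
    return sorted(hits)


if __name__ == "__main__":
    # A rule written for one object also matches hosts of the other object
    # for every pair reported here.
    for obj_a, mem_a, obj_b, mem_b in find_overlaps(OBJECTS):
        print(f"{obj_a}/{mem_a} overlaps {obj_b}/{mem_b}")
```

Each reported pair marks a host or range that would be matched by rules written for either object, so the order and action of those rules decides what actually happens to its traffic.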

Network services

Network services are a way to represent the protocols (TCP, UDP, ICMP, etc.) and the ports used by an application. The purpose of services is similar to that of objects: objects let you refer to a group of IP addresses by a recognizable name, and services let you identify a group of ports by the name of the application that uses them.

[Figure: Client connection to a server]

When browsing, for example, the most usual port is the HTTP port 80/TCP. In addition, you also have to use the HTTPS port 443/TCP and the alternative port 8080/TCP. Again, it is not necessary to apply a separate rule for each of these ports; it is enough to apply one rule to the service that represents browsing and contains these three ports. Another example is file sharing in Windows networks, where the server listens on ports 137/TCP, 138/TCP, 139/TCP and 445/TCP.

Management of Network services with Zentyal

To manage services with Zentyal, go to the Services menu, where you will find a list of available services, created by all the installed modules, plus those defined additionally. You can see the Name, Description and an indication of whether the service is Internal or not. A service is Internal if the ports configured for the service are being used on the same server. Furthermore, each service has a series of members, each one of them with Protocol, Source port and Destination port values. You can enter the value Any in any of these fields to specify, for example, services for which the source port is irrelevant.

You can use the TCP, UDP, ESP, GRE or ICMP protocols. You can also use a TCP/UDP value to avoid having to add the same port twice when it is used by both protocols, as in the case of DNS.

[Figure: Network services]
