NxFilter Tutorial

NxProxy and Remote Filtering
NxFilter provides a remote filtering client software that is NxProxy. Once you install it on a user system, you can filter and monitor the internet activity from the user system regardless of user location.

You need to open TCP/80, TCP/443 port on NxFilter.

Globlist doesn't support NxProxy.


Install NxProxy on Windows
When you run its Windows installer, you will see its setup program (C:/Program Files (x86)/nxproxy/setup.exe) running. There are Server Address and Login Token parameters for you to set up with your own values.

On NxFilter, every user has a unique login token.

After you modify the config values, test your setup and then start it. You can see if it is working by viewing 'Logging > Agent Signal' on NxFilter GUI. There will be signals from NxProxy.

You can add multiple server IP addresses or domains separated by commas if you run a cluster of NxFilter.


Uninstall NxProxy on Windows
To prevent uninstalling by your user, NxProxy doesn't show its uninstaller on Add/Remove programs in Windows control panel. When you uninstall NxProxy, you need to do it manually with the following steps.

1. Run C:/Program Files (x86)/nxproxy/bin/unstsvc.bat.
2. Delete C:/Program Files (x86)/nxproxy' folder


Silent install on Windows
For those of you wanting to install NxProxy on multiple PCs using GPO or PDQ deployment, we have silent install options.

For silent install,

/silent : Runs the installer in silent mode (The progress window will be displayed).
/verysilent : Very silent mode. No windows will be displayed.

And you can specify Server Address and Login Token,

/server=192.168.0.100
/token=GKSYEJYG

This is the final form of the command.


		nxproxy-1.0.1.exe /verysilent /server=192.168.0.100 /token=GKSYEJYG
	


Signals of NxProxy
We defined several signals with which you can find out what is happening on a user system. NxProxy sends these signals.

  • START : When NxProxy starts, it sends START signal to NxFilter.
  • STOP : When NxProxy stops, it sends STOP signal to NxFilter.
  • PING : NxProxy sends PING signal to NxFilter every 5 minutes.

You can view these signals on 'Logging > Agent Signal' on NxFilter GUI.


Fail-safe measure for NxProxy
When NxProxy can't connect to its server, it bypasses filtering temporarily before it gets the connection restored. This is because your users need to be able to use the internet anyway. If you use clustering, you can use multiple server addresses for redundancy.


Bypassing local domain
When you run NxProxy in your local network, you may need to bypass your local domain to your local DNS server. This is especially needed when you run NxProxy in an Active Directory environment. NxProxy is supposed to detect local DNS and AD domain automatically and bypass AD domain to the local DNS server. However, this automatic process doesn't work in some environment. In that case, you can set them up manually on 'Policy > NxProxy'.


Keeping static IP address
NxProxy needs to detect DNS server IP of the system it's running on. And it also needs to restore the DNS settings it changed when it stops. While doing that, it uses DHCP and it will change your system IP address. However, you may want to use a static IP for your system. In that case, you can set 'local_dns' parameter on 'C:/Program Files (x86)/nxproxy/conf/cfg.properties' file.

local_dns = 192.168.0.100

When you set 'local_dns' then it doesn't need to find its system DNS server by DHCP anymore.


Token User and Real User
NxProxy uses a Login Token to associate with NxFilter users. In the NxFilter log view, it appears as the username associated with that token. When installing several NxProxy instances on user systems, creating individual users for each NxProxy installation is straightforward and easy to manage.

However, when dealing with many users, creating hundreds of users for hundreds of NxProxy installations becomes impractical. In such cases, you can use the same login token for multiple NxProxy instances. However, this may cause confusion, as multiple users will appear under the same username.

To address this, NxProxy detects the current Windows username and sends it to NxFilter. NxFilter then displays this information in the format tokenname_realname, making it easier to distinguish between different users.

An exception to this behavior occurs when NxFilter finds a matching username for the Windows username sent by NxProxy. In this case, NxFilter assumes you have created a user specifically for the Windows user running NxProxy and uses the matching username instead.

For example, if you have a user named 'nxproxy' on NxFilter and run NxProxy on a system where the current Windows user is 'johndoe', the log view will display 'nxproxy_johndoe'. However, if you create a user named 'johndoe' on NxFilter, the NxProxy instance running under 'johndoe' will simply appear as 'johndoe'.

This behavior is not limited to usernames in the log view. When a user appears as 'nxproxy_johndoe', it is treated as the 'nxproxy' user and follows the policy assigned to 'nxproxy'. However, if a matching username (johndoe) exists, the user is treated as 'johndoe' and follows the policy assigned to 'johndoe'.