NxFilter Tutorial

NxProxy and Remote Filtering
NxFilter provides remote filtering client software called NxProxy. Once you install it on a user system, you can filter and monitor the Internet activity from that system regardless of the user's location.

You need to open the TCP/80 and TCP/443 ports on NxFilter.

Globlist doesn't support NxProxy.


Install NxProxy on Windows
When you run the Windows installer, you will see its setup program (C:/Program Files/nxproxy/setup.exe) running. Set the Server Address and Login Token parameters to your own values.

On NxFilter, every user has a unique login token.

After you modify the config values, test your setup and then start it. You can check that it is working by viewing 'Logging > Agent Signal' on the NxFilter GUI, where the signals from NxProxy will appear.

You can add multiple server IP addresses or domains separated by commas if you run a cluster of NxFilter.


Uninstall NxProxy on Windows
To prevent users from uninstalling it, NxProxy doesn't show its uninstaller under Add/Remove Programs in the Windows Control Panel. To uninstall NxProxy, you need to do it manually with the following steps.

1. Run C:/Program Files/nxproxy/bin/unstsvc.bat.
2. Delete the 'C:/Program Files/nxproxy' folder.


Silent install on Windows
For those of you wanting to install NxProxy on multiple PCs using GPO or PDQ deployment, we have silent install options.

For silent install,

/silent : Runs the installer in silent mode (The progress window will be displayed).
/verysilent : Very silent mode. No windows will be displayed.

And you can specify Server Address and Login Token,

/server=192.168.0.100
/token=GKSYEJYG

This is the final form of the command.


		nxproxy-1.0.1.exe /verysilent /server=192.168.0.100 /token=GKSYEJYG
	


Install, uninstall NxProxy on macOS
We have a macOS package for NxProxy. You can download it from our homepage and install it as you do with the Windows version of NxProxy. One difference is that you need to have Java or JRE installed before installing NxProxy.

We recommend AdoptOpenJDK. They provide macOS packages that are properly signed and notarized for macOS security requirements.

Your NxProxy will be installed into /Library/nxproxy. To run its setup program,


		/Library/nxproxy/setup-mac.sh
	

To uninstall it,


		/Library/nxproxy/uninstall-mac.sh
	


Signals of NxProxy
We defined several signals with which you can find out what is happening on a user system. NxProxy sends these signals.

  • START : When NxProxy starts, it sends a START signal to NxFilter.
  • STOP : When NxProxy stops, it sends a STOP signal to NxFilter.
  • PING : NxProxy sends a PING signal to NxFilter every 5 minutes.

You can view these signals under 'Logging > Agent Signal' on the NxFilter GUI.


Fail-safe measure for NxProxy
When NxProxy can't connect to its server, it temporarily bypasses filtering until the connection is restored. This is because your users need to be able to use the Internet anyway. If you use clustering, you can use multiple server addresses for redundancy.
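
Because an agent that cannot reach its server stops filtering, a gap in its 5-minute PING signals that is not preceded by a STOP is worth reviewing. The following is an added example, not NxFilter's own code: it finds such gaps in agent signal records. The "timestamp,user,signal" line format, the 2-minute grace period and the sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

PING_INTERVAL = timedelta(minutes=5)  # from the tutorial: PING every 5 minutes
GRACE = timedelta(minutes=2)          # assumed tolerance for network delay

# Constructed sample records in an assumed "timestamp,user,signal" format.
SAMPLE = """\
2024-05-06 09:00:00,alice,START
2024-05-06 09:05:00,alice,PING
2024-05-06 09:10:00,alice,PING
2024-05-06 09:40:00,alice,PING
2024-05-06 09:45:00,alice,STOP
2024-05-06 10:30:00,alice,START
2024-05-06 09:02:00,bob,START
2024-05-06 09:07:00,bob,PING
"""

def parse(text):
    """Return {user: [(datetime, signal), ...]} with each list sorted by time."""
    by_user = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, signal = (f.strip() for f in line.split(","))
        by_user.setdefault(user, []).append(
            (datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), signal.upper()))
    for events in by_user.values():
        events.sort()
    return by_user

def find_gaps(text, now):
    """Return (user, last_seen, next_seen_or_now) for every period in which an
    agent went quiet for longer than one PING interval without sending STOP."""
    gaps = []
    limit = PING_INTERVAL + GRACE
    for user, events in sorted(parse(text).items()):
        # Sentinel entry so that silence lasting up to 'now' is also checked.
        timeline = events + [(now, "NOW")]
        for (t0, s0), (t1, _) in zip(timeline, timeline[1:]):
            if s0 != "STOP" and t1 - t0 > limit:
                gaps.append((user, t0, t1))
    return gaps

if __name__ == "__main__":
    for user, t0, t1 in find_gaps(SAMPLE, datetime(2024, 5, 6, 10, 32)):
        print(f"{user}: no signal from {t0} to {t1} ({t1 - t0})")
```

A reported gap only means NxFilter received no signal in that period: the system may have been powered off or offline, or NxProxy may have been unable to reach its server.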


Bypassing local domain
You may need to bypass your local domains to your local DNS server. This is especially needed when you run NxProxy in an Active Directory environment. NxProxy is supposed to detect the local DNS server and AD domain automatically and bypass the AD domain to the local DNS server. However, this automatic process doesn't work in some environments. In that case, you can set them up on 'Policy > NxProxy'.


Keeping static IP address
NxProxy needs to detect the DNS server IP of the system it's running on. It also needs to restore the DNS settings it changed when it stops. While doing that, it uses DHCP, and this will change your system IP address. However, you may want to use a static IP for your system. In that case, you can set the 'local_dns' parameter in the 'C:/Program Files (x86)/nxproxy/conf/cfg.properties' file.

local_dns = 192.168.0.100

When you set 'local_dns', NxProxy no longer needs to find its system DNS server by DHCP.


Servicing NxFilter to roaming users
You may want to filter roaming users outside your network with NxFilter while filtering your local network at the same time. You can forward TCP/80 and TCP/443 traffic to NxFilter on your router.


Auto-switch to local filtering
You may want to stop NxProxy filtering while it's in your local network as you already have filtering by NxFilter or NxCloud there. In that case, enable 'Auto-switch' on 'Policy > NxProxy'.

You need v1.0.5 or later of NxProxy and v4.3.8.5 or later of NxFilter or NxCloud for auto-switch.


Disabling Firefox, Chrome DoH
Since you don't want to allow people to bypass NxProxy using DoH (DNS over HTTPS), NxProxy will try to block your users from using DoH with Firefox and Chrome. When it detects that the DoH settings of Firefox are enabled, it will disable the settings and kill the Firefox process. For Chrome, we only detect its DoH settings from its startup parameters and kill its process. The DoH settings made through the Chrome setup page or GUI respect your system DNS settings.

We defined two special domains to alert you when the DoH settings of user browsers are disabled. You will have block log data for the following domains when NxProxy blocks a browser using DoH.

  • firefox.doh.app
  • chrome.doh.app