The Blacksands Receiver is designed to sit either directly on the Internet and bridge into a private network or in a DMZ and NAT across multiple networks.
The typical configuration for a DMZ deployment:
Have your firewall forward all port 443 traffic to the private Receiver IP on wan0. From wan0, the Receiver will be able to connect to private IPs within the same private subnet. Within the console, set up wan0 and turn off lan0 - lan3.
Generic Firewall Configuration
- Allow New and Established in from 188.8.131.52:443 to Receiver IP (This allows legitimate pre-authenticated / pre-authorized connections to the Receiver)
- Allow New and Established out from Receiver to 10.10.10.X (This allows the pre-authorized / pre-authenticated connections from the Receiver to the end Service)
- Allow New and Established from 10.10.10.X to Receiver IP (This allows for onboarding the Blacksands Remote Desktop Service. Actual connections to PCs occur through the process in steps 1 and 2)
- For the full list, see the following network requirements
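
The three rules above, written as an nftables forward chain for a Linux-based firewall. This is an added example, not Blacksands' own configuration. Assumptions: the Receiver address `192.0.2.10` is a placeholder, `10.10.10.X` is taken to be `10.10.10.0/24`, and 443 is treated as the destination port on the Receiver (matching the port-443 forward described earlier).

```nftables
#!/usr/sbin/nft -f
# Added example: the "Generic Firewall Configuration" rules as a forward chain.
# Merge into your existing ruleset rather than loading it on its own; the
# port-443 forward (DNAT) to the Receiver is configured separately.

define BLACKSANDS_SRC = 188.8.131.52   # source address given in rule 1 on this page
define RECEIVER_IP    = 192.0.2.10     # placeholder: private Receiver IP on wan0
define PRIVATE_NET    = 10.10.10.0/24  # assumption: the page's 10.10.10.X subnet

table inet receiver_dmz {
    chain forward {
        # Default-deny: only the flows listed below cross the firewall.
        type filter hook forward priority 0; policy drop;

        ct state invalid drop

        # Rule 1: pre-authenticated / pre-authorized connections in to the Receiver.
        ip saddr $BLACKSANDS_SRC ip daddr $RECEIVER_IP tcp dport 443 ct state new,established accept
        # Reply packets for rule 1 (implicit on most stateful firewalls,
        # needed explicitly here because the chain policy is drop).
        ip saddr $RECEIVER_IP ip daddr $BLACKSANDS_SRC tcp sport 443 ct state established accept

        # Rule 2: Receiver out to the end services on the private subnet.
        # The page gives no port list here; narrow this using the vendor's
        # network requirements.
        ip saddr $RECEIVER_IP ip daddr $PRIVATE_NET ct state new,established accept

        # Rule 3: private subnet to the Receiver (Remote Desktop Service onboarding).
        ip saddr $PRIVATE_NET ip daddr $RECEIVER_IP ct state new,established accept
    }
}
```

Rules 2 and 3 carry each other's reply traffic, so only rule 1 needs a separate return rule. `nft -c -f <file>` checks the syntax without applying the ruleset.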