Censornet - internet filtering on your terms

Configuring inline mode

August 18, 2011 • Administrator       

Synopsis

Article

ATTENTION: Inline mode is not recommended for very large networks. Please consider using sideways mode (the default) instead.

You can switch to inline mode through the CensorNet setup program after installation.

Go to the CensorNet server command prompt (using keyboard and display, or via Putty) and log in as the root user. Then type:

setup

Hit Enter then select OPTION 1 - NETWORK CONFIGURATION. To use inline mode you will need two network cards (NICs) in the server. Once inline mode is enabled, the two network interfaces will form a bridge with one IP address which is used for management, e.g. to connect to the CensorNet Professional web control panel. When entering the IP address, you will also be asked to provide DNS and gateway details.

Once configured, you should plug one NIC into the switch for your network and the other NIC into your router/gateway. IMPORTANT NOTE: It can take up to 30 seconds for the bridge to start passing traffic after the cables are connected - this is due to spanning tree protocol (STP).

Once active, any traffic passing over the bridge in either direction will be inspected and the web traffic (ports 80 and 443) will be redirected  to the CensorNet proxy for filtering.

NOTE 1: When inline mode is enabled, SSL INTERCEPT MODE is also enabled and you will need to install the CensorNet root certificate on all computers. You can do this via group policy. Please see the Getting Started Guide for details.

NOTE 2: There may be servers that you do not wish to filter that use the HTTP protocol for communication. These server IP addresses should be bypassed to avoid interference. 

Related articles

• How to install CensorNet’s SSL certificate authority using a Group Policy Update
• How to configure Censornet for Inline Mode