Firewall setups for ATNF evlbi network
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: <Chris.Phillips_at_email.protected>
Date: Wed, 11 Apr 2007 13:55:50 +1000 (EST)
Hi all,
As I am sure you have all come across we all our institutions are heavily
guarded via firewalls. I am about to send a moderately large change of
firewall setting to Shaun for the evlbi network and thought it best to try
and do changes in a coordinated way to minimise the numbers changes. The
ATNF evlbi network are the machines pkvsi1-ext,pkvsi2-ext mpvsi1-ext,
mpvsi2-ext, cavsi1-ext, cavsi2-ext and epvsi1-ext. Currently what is
allowed is:
Outgoing:
ssh (port 22 TCP) to
anyhost
Real time fringe testing (ports 7420&7425 TCP) to
pentane.ssi.swin.edu.au
evlbi (ports 52100-52104 TCP&UDP) to
pentane
jive (huygens, aus-1)
Incoming
ssh from
pentane
.phys.utas.edu.au (campus only)
.csiro.au
mills.phys.utas.edu.au
evlbi (ports 52100-52104 TCP/UDP) from
pentane
jive
hovsi.phys.utas.edu.au
I think we probably want to add the following to the ATNF firewalls
ntp (port 123/tcp)
to and from
hovsi.phys.utas.edu.au
cdvsi.phys.utas.edu.au
tidvsi (203.5.58.205)
This will allow us to compare the times on all vsi recorders easily and
potentially automatically.
h (port 22/tcp) from
tidvsi
.phys.utas.edu.au (mount pleasant and ceduna) **
More Swinburne hosts?? **
evlbi (ports 52100-52104 UDP&TCP)
to and from
New Zealand **
We will want evlbi access from a number of hosts on the upgraded Swinburne
cluster. I am assuming the hosts addresses are not known yet.
Can anyone else think of other access that would be useful (with a
justification!).
There will need to be corresponging chages made to firewalls at the remote
ends also (e.g. utas and Swinburne). Once we have decided what we want
opened, I am assuming someone local can discss this with their local IT
support.
** Please could someone supply Shaun and I with the appropriate
network/host addresses.
Cheers
Chris
Received on 2007-04-11 13:56:10
Date: Wed, 11 Apr 2007 13:55:50 +1000 (EST)
Hi all,
As I am sure you have all come across we all our institutions are heavily
guarded via firewalls. I am about to send a moderately large change of
firewall setting to Shaun for the evlbi network and thought it best to try
and do changes in a coordinated way to minimise the numbers changes. The
ATNF evlbi network are the machines pkvsi1-ext,pkvsi2-ext mpvsi1-ext,
mpvsi2-ext, cavsi1-ext, cavsi2-ext and epvsi1-ext. Currently what is
allowed is:
Outgoing:
ssh (port 22 TCP) to
anyhost
Real time fringe testing (ports 7420&7425 TCP) to
pentane.ssi.swin.edu.au
evlbi (ports 52100-52104 TCP&UDP) to
pentane
jive (huygens, aus-1)
Incoming
ssh from
pentane
.phys.utas.edu.au (campus only)
.csiro.au
mills.phys.utas.edu.au
evlbi (ports 52100-52104 TCP/UDP) from
pentane
jive
hovsi.phys.utas.edu.au
I think we probably want to add the following to the ATNF firewalls
ntp (port 123/tcp)
to and from
hovsi.phys.utas.edu.au
cdvsi.phys.utas.edu.au
tidvsi (203.5.58.205)
This will allow us to compare the times on all vsi recorders easily and
potentially automatically.
h (port 22/tcp) from
tidvsi
.phys.utas.edu.au (mount pleasant and ceduna) **
More Swinburne hosts?? **
evlbi (ports 52100-52104 UDP&TCP)
to and from
New Zealand **
We will want evlbi access from a number of hosts on the upgraded Swinburne
cluster. I am assuming the hosts addresses are not known yet.
Can anyone else think of other access that would be useful (with a
justification!).
There will need to be corresponging chages made to firewalls at the remote
ends also (e.g. utas and Swinburne). Once we have decided what we want
opened, I am assuming someone local can discss this with their local IT
support.
** Please could someone supply Shaun and I with the appropriate
network/host addresses.
Cheers
Chris
Received on 2007-04-11 13:56:10