Firewall
- Blacklist (Host deny)
  - Edit /etc/hosts and deny hosts
  - List: RBG-HostDeny-List
- Firewall general
  - All outgoing traffic allowed
  - All incoming traffic denied, except for required open ports
    - Example: ssh port
  - Requirement: single point of access, i.e. an ssh server running nothing else (newest security updates, etc.)
    - From the central ssh login, log in to other servers
- VPN (most secure) for entire subnet (131.159.24.0/23)
  - All outgoing traffic allowed
  - Allow incoming traffic, block everything else
  - LDAP user group: users are allowed to log in, maintained by RBG-System
  - Full access within VPN network
The firewall generally allows all outgoing connections, as well as incoming packets that belong to a previously established connection. All other incoming connections are blocked unless an exception has been made.
The firewall supports connection tracking for TCP only; UDP is not supported. For UDP connections to work, the whole random port range therefore usually has to be allowed for incoming packets: the program sends a packet from a random source port to a service, and the service sends a packet back to that random source port, so an exception must be present that allows this packet for the connection to succeed. As there is often no control over the source port, all random ports need to be opened: 1024-65535.
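An added example, not part of the original page or of RBG's tooling: because UDP replies are only admitted by a static rule, exceptions of the kind described above expose a host's whole unprivileged UDP range to any source. The script below parses Cisco extended-ACL statements and flags those entries, `permit ip any ...` entries, and non-contiguous wildcard masks (a typical typing slip); the sample ACL, its remark labels and its addresses are constructed, and the finding codes are hypothetical names.

```python
"""Audit Cisco extended-ACL text for entries that deserve a second look."""

# Constructed sample in the syntax used on this page. Addresses come from the
# documentation ranges and the remark labels are hypothetical.
SAMPLE_ACL = """\
ip access-list extended sample-out
 remark established
 permit tcp any any established
 remark web01
 permit tcp any host 192.0.2.10 eq 443
 remark quic-test
 permit udp any host 192.0.2.20 range 1024 65535
 remark admin-ssh
 permit tcp 198.51.100.0 0.0.225.255 host 192.0.2.30 eq 22
 remark lab-box
 permit ip any host 192.0.2.40
 deny ip any any
exit
"""


def wildcard_is_contiguous(mask):
    """True if the wildcard is 0-bits followed by 1-bits (value 2**k - 1)."""
    value = int.from_bytes(bytes(int(o) for o in mask.split(".")), "big")
    return value & (value + 1) == 0


def _take_addr(tok, i):
    """Consume 'any', 'host A', 'PREFIX/LEN' or 'A WILDCARD' at tok[i]."""
    if tok[i] == "any":
        return {"any": True, "mask": None}, i + 1
    if tok[i] == "host":
        return {"any": False, "mask": None}, i + 2
    if "/" in tok[i]:  # IPv6-style prefix: no wildcard mask follows
        return {"any": False, "mask": None}, i + 1
    return {"any": False, "mask": tok[i + 1]}, i + 2


def parse_entry(line):
    """Parse one permit/deny statement; return None for any other line."""
    tok = line.split()
    if len(tok) < 4 or tok[0] not in ("permit", "deny"):
        return None
    entry = {"action": tok[0], "proto": tok[1], "ports": None,
             "text": " ".join(tok)}
    entry["src"], i = _take_addr(tok, 2)
    entry["dst"], i = _take_addr(tok, i)
    if tok[i:i + 1] == ["eq"]:
        entry["ports"] = (int(tok[i + 1]), int(tok[i + 1]))
    elif tok[i:i + 1] == ["range"]:
        entry["ports"] = (int(tok[i + 1]), int(tok[i + 2]))
    return entry


def audit(acl_text):
    """Return (remark label, finding code, statement) for each flagged permit."""
    findings, label = [], ""
    for raw in acl_text.splitlines():
        line = raw.strip()
        if line.startswith("remark"):
            label = line[len("remark"):].strip()  # label applies to what follows
            continue
        e = parse_entry(line)
        if e is None or e["action"] != "permit":
            continue
        for side in ("src", "dst"):
            mask = e[side]["mask"]
            if mask and not wildcard_is_contiguous(mask):
                findings.append((label, "WILDCARD", e["text"]))
        if e["src"]["any"] and e["proto"] == "ip":
            findings.append((label, "IP_ANY", e["text"]))
        if (e["src"]["any"] and e["proto"] == "udp" and e["ports"]
                and e["ports"][0] <= 1024 and e["ports"][1] >= 65535):
            findings.append((label, "UDP_EPHEMERAL_OPEN", e["text"]))
    return findings


if __name__ == "__main__":
    for label, code, text in audit(SAMPLE_ACL):
        print(f"{code:20} [{label}] {text}")
```

A host flagged `UDP_EPHEMERAL_OPEN` depends entirely on its local firewall for every UDP service listening on port 1024 or above.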
Firewall 2019_01_18
il11_2
Does not exist - internal server management network - completely separated
il11
```
no ip access-list extended acl4-il11-out
ip access-list extended acl4-il11-out
 permit ip host 131.159.25.254 any
 permit ip host 131.159.25.253 any
 permit ip host 131.159.25.252 any
 deny ip 131.159.24.0 0.0.1.255 any
 remark *** rbg server
 permit ip 131.159.254.0 0.0.1.255 any
 remark VPN access il11
 permit ip 172.24.146.0 0.0.0.255 any
 remark il11_3
 permit ip 10.200.64.0 0.0.63.255 any
 remark *** ping etc.
 permit icmp any any
 remark established
 permit tcp any any established
 remark rbg administration
 permit tcp 131.159.42.0 0.0.1.255 any eq 22
 permit tcp 131.159.42.0 0.0.1.255 any eq 3389
 remark macschlichter14 2016022210004457
 permit tcp any host 131.159.24.169 eq 22
 permit tcp any host 131.159.24.169 eq 80
 permit tcp any host 131.159.24.169 eq 443
 remark macschlichter11 2016022210004457 2017050810006537 2018052310008835
 permit tcp any host 131.159.24.63 eq 22
 remark cm05 2016051210002589
 permit udp any host 131.159.24.101 eq 500
 permit udp any host 131.159.24.101 eq 4500
 permit ip host 129.187.102.13 host 131.159.24.101
 remark vmschlichter21 2016040410005754
 permit tcp any host 131.159.24.76 eq 22
 permit tcp any host 131.159.24.76 eq 8000
 remark vmschlichter28 2016040410005754
 permit tcp any host 131.159.24.82 eq 21
 permit tcp any host 131.159.24.82 eq 22
 permit tcp any host 131.159.24.82 eq 80
 remark ideaclouds1 2016032410006628 2018042610006262
 permit tcp any host 131.159.24.245 eq 80
 permit tcp any host 131.159.24.245 eq 443
 permit tcp any host 131.159.24.245 eq 5060
 permit tcp any host 131.159.24.245 eq 8080
 remark vmott4 2016042710007487
 permit tcp any host 131.159.25.6 eq 443
 remark vmott5 2016051210001106 2016051210001106
 permit tcp any host 131.159.24.2 eq 22
 permit tcp any host 131.159.24.2 eq 80
 permit tcp any host 131.159.24.2 eq 8080
 permit tcp any host 131.159.24.2 eq 3306
 remark vmschlichter24 2016052410006366 2016053110006405
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.239 eq 22
 permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.239 eq 22
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.239 eq 22
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.239 eq 22
 permit tcp any host 131.159.24.239 eq 80
 permit tcp any host 131.159.24.239 eq 443
 remark devimg01 2016080310008451
 permit ip host 172.24.15.23 host 131.159.24.137
 remark testbed02 2016090510005912 2016091610006491 2016092810005236
 permit tcp any host 131.159.24.150 eq 8080
 permit tcp 172.24.21.192 0.0.0.31 host 131.159.24.150 eq 8086
 permit tcp 172.24.21.192 0.0.0.31 host 131.159.24.150 eq 27017
 remark vmott11 2016112510000983 2016121210002084 2016122310002545 2017040610001065 2018031610006514
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.38 eq 22
 permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.38 eq 22
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.38 eq 22
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.38 eq 22
 permit tcp any host 131.159.24.38 eq 80
 permit tcp any host 131.159.24.38 eq 443
 permit tcp any host 131.159.24.38 eq 8883
 permit tcp any host 131.159.24.38 eq 3306
 permit tcp 131.159.192.0 0.0.31.255 host 131.159.24.38 eq 11234
 permit tcp 131.159.224.0 0.0.1.255 host 131.159.24.38 eq 11234
 permit tcp 172.24.21.192 0.0.0.31 host 131.159.24.38 eq 12356
 remark vmott12 2016102110002472 2016110210005888 2017030210005918 2017122010005028
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.41 eq 22
 permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.41 eq 22
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.41 eq 22
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.41 eq 22
 permit tcp any host 131.159.24.41 eq 80
 permit tcp any host 131.159.24.41 eq 443
 permit tcp any host 131.159.24.41 eq 8080
 remark vmott14 2016121310003214
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.53 eq 22
 permit tcp any host 131.159.24.53 eq 80
 permit tcp any host 131.159.24.53 eq 443
 remark vmott16 2018071710009646 2018082110006586 2018082410001316
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.164 eq 22
 permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.164 eq 22
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.164 eq 22
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.164 eq 22
 permit udp any host 131.159.24.164 range 1024 65535
 permit udp any host 131.159.24.164 eq 443
 permit tcp any host 131.159.24.164 eq 53
 permit udp any host 131.159.24.164 eq 53
 remark vmott17 2018072610003411 2018073010001762
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.174 eq 22
 permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.174 eq 22
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.174 eq 22
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.174 eq 22
 permit udp any host 131.159.24.174 range 3389 3390
 remark vmott20 2018103110002021 2018110210002805
 permit tcp any host 131.159.24.56 eq 80
 permit tcp any host 131.159.24.56 eq 443
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.56 eq 22
 permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.56 eq 22
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.56 eq 22
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.56 eq 22
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.56 eq 3306
 permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.56 eq 3306
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.56 eq 3306
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.56 eq 3306
 remark cm03 2017022710006962
 permit tcp any host 131.159.24.17 eq 31313
 remark cm24 2017050910007927
 permit tcp any host 131.159.24.60 eq 22
 permit tcp any host 131.159.24.60 eq 80
 remark cm29 2017092910000611 2017100510006318
 permit ip any host 131.159.24.105
 remark one02.cm 201707121000331
 permit tcp any host 131.159.24.86 eq 80
 permit tcp any host 131.159.24.86 eq 443
 remark one03.cm 201707121000331
 permit tcp any host 131.159.24.84 eq 80
 permit tcp any host 131.159.24.84 eq 443
 remark one05.cm 2017100510002901
 permit tcp any host 131.159.24.113 eq 80
 permit tcp any host 131.159.24.113 eq 443
 permit tcp any host 131.159.24.113 eq 2222
 permit udp any host 131.159.24.113 range 1024 65535
 remark one09.cm 2017120410002945
 permit tcp any host 131.159.24.127 eq 80
 permit tcp any host 131.159.24.127 eq 443
 remark test03.cm 2017100510006318
 permit ip any host 131.159.24.114
 remark one10.cm 2018021510008043 2018022610006453
 permit tcp any host 131.159.24.138 eq 80
 permit tcp any host 131.159.24.138 eq 443
 permit tcp any host 131.159.24.138 eq 3000
 permit tcp any host 131.159.24.138 eq 8000
 permit tcp any host 131.159.24.138 eq 8080
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.138 eq 22
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.138 eq 22
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.138 eq 22
 remark one11.cm 2018022310004693 2018071110004161
 permit tcp 131.159.0.0 0.0.225.255 host 131.159.24.139 eq 22
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.139 eq 22
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.139 eq 22
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.139 eq 22
 permit tcp 131.159.0.0 0.0.225.255 host 131.159.24.139 eq 80
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.139 eq 80
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.139 eq 80
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.139 eq 80
 permit tcp 131.159.0.0 0.0.225.255 host 131.159.24.139 eq 443
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.139 eq 443
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.139 eq 443
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.139 eq 443
 permit tcp 131.159.0.0 0.0.225.255 host 131.159.24.139 eq 3000
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.139 eq 3000
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.139 eq 3000
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.139 eq 3000
 permit tcp 131.159.0.0 0.0.225.255 host 131.159.24.139 eq 8000
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.139 eq 8000
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.139 eq 8000
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.139 eq 8000
 permit tcp 131.159.0.0 0.0.225.255 host 131.159.24.139 eq 8080
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.139 eq 8080
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.139 eq 8080
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.139 eq 8080
 remark one13.cm 2018041810001497
 permit tcp any host 131.159.24.140 eq 9873
 remark one15.cm 2018042710010531
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.144 eq 22
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.144 eq 22
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.144 eq 22
 permit tcp any host 131.159.24.144 eq 80
 permit tcp any host 131.159.24.144 eq 443
 permit tcp any host 131.159.24.144 eq 3306
 permit tcp any host 131.159.24.144 eq 8883
 remark net03-cm 2018031610006103
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.166 eq 22
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.166 eq 22
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.166 eq 22
 remark emu02 2018032310004539
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.21 eq 22
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.21 eq 22
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.21 eq 22
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.21 eq 8082
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.21 eq 8082
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.21 eq 8082
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.21 eq 8181
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.21 eq 8181
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.21 eq 8181
 remark atschlichter29 2018040510006195 2018041910006285
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.108 eq 22
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.108 eq 22
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.108 eq 22
 permit tcp any host 131.159.24.108 eq 3036
 permit udp any host 131.159.24.108 eq 3036
 remark one16 2018061410011122
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.149 eq 22
 permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.149 eq 22
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.149 eq 22
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.149 eq 22
 permit udp any host 131.159.24.149 range 1024 65535
 remark one19 2018070910008439
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.154 eq 22
 permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.154 eq 22
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.154 eq 22
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.154 eq 22
 permit udp any host 131.159.24.154 eq 443
 permit udp any host 131.159.24.154 range 3389 3391
 remark one20 2018070910008948
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.156 eq 22
 permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.156 eq 22
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.156 eq 22
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.156 eq 22
 remark one21 2018070910010971
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.157 eq 22
 permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.157 eq 22
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.157 eq 22
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.157 eq 22
 remark one22 201807181000675
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.165 eq 22
 permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.165 eq 22
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.165 eq 22
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.165 eq 22
 permit tcp any host 131.159.24.165 eq 3389
 remark one23 2018111910003345 2018112010013331
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.193 eq 22
 permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.193 eq 22
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.193 eq 22
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.193 eq 22
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.193 eq 80
 permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.193 eq 80
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.193 eq 80
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.193 eq 80
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.193 eq 443
 permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.193 eq 443
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.193 eq 443
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.193 eq 443
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.193 eq 8080
 permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.193 eq 8080
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.193 eq 8080
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.193 eq 8080
 remark one24 2018092410011152
 permit tcp any host 131.159.24.48 eq 80
 permit tcp any host 131.159.24.48 eq 443
 remark cm43 2018080110008826
 permit udp any host 131.159.24.179 range 3389 3391
 remark social1 2018082110006746 2018111910002828
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.12
 permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.12
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.12
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.12
 remark social2 2018020910006502 2018082110006746 2018111910002828
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.134
 permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.134
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.134
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.134
 remark social3 2016022210004457 2018082110006746 2018111910002828
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.238
 permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.238
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.238
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.238
 remark social4 2018080610007631 2018082110006746 2018111910002828
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.13
 permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.13
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.13
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.13
 remark social5 2016022210004457 2018082110006746 2018111910002828
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.171
 permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.171
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.171
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.171
 remark social6 2018091710010998 2018111910002828
 permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.184
 permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.184
 permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.184
 permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.184
 deny ip any any
exit
```
il11_3
```
no ip access-list extended acl4-il11_3-out
ip access-list extended acl4-il11_3-out
 permit ip host 10.200.127.254 any
 permit ip host 10.200.127.253 any
 permit ip host 10.200.127.252 any
 remark anti spoofing
 deny ip 10.200.112.0 0.0.15.255 any
 remark rbg server
 permit ip 131.159.254.0 0.0.1.255 any
 remark chair network
 permit ip 131.159.24.0 0.0.1.255 any
 remark VPN access il11
 permit ip 172.24.146.0 0.0.0.255 any
 remark access il11_6
 permit ip 10.200.96.0 0.0.15.255 any
 remark MWN
 permit ip any 172.24.24.0 0.0.1.255
 remark established
 permit tcp any any established
 remark vmott22 access RBG 2019011710009021
 permit tcp 131.159.42.0 0.0.1.255 host 10.200.120.9 eq 22
 deny ip any any
exit
```
il11_4
```
no ip access-list extended acl4-il11-4-out
ip access-list extended acl4-il11-4-out
 permit ip host 172.24.21.222 any
 permit ip host 172.24.21.221 any
 permit ip host 172.24.21.220 any
 deny ip 172.24.21.192 0.0.0.31 any
 remark *** rbg server
 permit ip 131.159.254.0 0.0.1.255 any
 remark VPN access il11
 permit ip 172.24.146.0 0.0.0.255 any
 remark established
 permit tcp any any established
 remark cm04 2016081710008318
 permit tcp host 131.159.24.79 any eq 22
 remark cm07 2016081710008318
 permit tcp host 131.159.24.130 any eq 22
 remark testbed2 2016092110004722 2017020810004679
 permit tcp host 131.159.24.150 any eq 22
 permit tcp host 131.159.24.150 any eq 8080
 permit tcp host 131.159.24.150 any eq 8086
 deny ip any any
exit
```
il11_5
```
no ip access-list extended acl4-il11_5-out
ip access-list extended acl4-il11_5-out
 permit ip host 172.24.25.254 any
 remark anti spoofing
 deny ip 172.24.24.0 0.0.1.255 any
 remark rbg server
 permit ip 131.159.254.0 0.0.1.255 any
 remark chair network
 permit ip 131.159.24.0 0.0.1.255 any
 remark VPN access il11
 permit ip 172.24.146.0 0.0.0.255 any
 remark LRZ VPN 2017121310013176
 permit ip 129.187.0.0 0.0.255.255 any
 permit ip 10.152.42.0 0.0.1.255 any
 permit ip 10.152.126.0 0.0.1.255 any
 remark MWN
 permit ip any 172.24.24.0 0.0.1.255
 permit tcp any any established
 deny ip any any
exit
```
il11_6
```
no ip access-list extended acl4-il11_3-out
ip access-list extended acl4-il11_3-out
 permit ip host 10.200.111.254 any
 permit ip host 10.200.111.253 any
 permit ip host 10.200.111.252 any
 remark anti spoofing
 deny ip 10.200.96.0 0.0.15.255 any
 remark rbg server
 permit ip 131.159.254.0 0.0.1.255 any
 remark chair network
 permit ip 131.159.24.0 0.0.1.255 any
 remark VPN access il11
 permit ip 172.24.146.0 0.0.0.255 any
 remark access il11_6
 permit ip 10.200.112.0 0.0.15.255 any
 remark MWN
 permit ip any 172.24.24.0 0.0.1.255
 permit tcp any any established
 deny ip any any
exit
```
Hostname | IP | Ports | User | Notes |
---|---|---|---|---|
vmschlichter21 | 131.159.24.76 | 8000, 22 | woerndl | - |
vmschlichter28 | 131.159.24.82 | 80 | woerndl | - |
social1 | 131.159.24.12 | * - MWN/LRZ VPN | gerhard hagerer | social server |
social2 | 131.159.24.134 | * - MWN/LRZ VPN | gerhard hagerer | social server |
social3 | 131.159.24.238 | * - MWN/LRZ VPN | gerhard hagerer | social server |
social4 | 131.159.24.13 | * - MWN/LRZ VPN | gerhard hagerer | social server |
social5 | 131.159.24.171 | * - MWN/LRZ VPN | gerhard hagerer | social server |
social6 | 131.159.24.184 | * - MWN/LRZ VPN | gerhard hagerer | social server |
vmott4 | 131.159.25.6 | 443 | paulth | HTTPS permission for calendar synchronization |
vmott5 | 131.159.24.2 | 80,22 | woerndl | SSH and HTTP permission |
cm05 | 131.159.24.101 | 500,4500, everything from 129.187.102.13 (zv firewall-cluster) | christinne lissner | VPN access for SAP application |
vmschlichter24 | 131.159.24.239 | 22 from LRZ VPN subnets | georg groh | SSH Access for student Safey Halim from LRZ VPN |
vmschlichter24 | 131.159.24.239 | 80, 443 | georg groh | Webserver for student project |
vmschlichter27 | 131.159.24.81 | 80,443 | hanna schaefer | Web server project |
vmschlichter29 | 131.159.24.40 | 80,443 | hanna schaefer | Web server project test VM |
devimg01 | 131.159.24.137 | all-172.24.15.23 | leonardo tonetto | SSH and NFS between devimg01 and ComputeVM23 |
testbed02 | 131.159.24.150 | il11_edison - 8086 il11_edison, il11_edison - 27017 | vittorio cozzolino | Edison to backend database (InfluxDB + MongoDB) |
testbed02 | 131.159.24.150 | port 8080 | vittorio cozzolino | Mobile phone access NodeJS - local firewall on testbed02 to allow only the MAC of the mobile phone |
il11_edison | 172….(edison net) | testbed02 - 8086 (tcp) | vittorio cozzolino | Get data directly from Edisons |
il11_edison | 172….(edison net) | testbed02 - 8080 (tcp) | vittorio cozzolino | NodeJS endpoint - Edison board camera |
il11_edison | 172….(edison net) | testbed02 - 22 (tcp) | vittorio cozzolino | SSH access |
il11_edison | 172….(edison net) | vmott11 - 3306 (tcp) | michael haus | MySQL server |
vmott11 | 131.159.24.38 | 80, 443, 8883 (Mqtt), 3306 (MySQL) - All; 22 - MWN | michael haus | Sensor data collection |
vmott12 | 131.159.24.41 | LRZ VPN - 22 + all : anywhere - 443, 8080, 80 | daniel herzog | Citytrip planner master's student |
vmott14 | 131.159.24.53 | LRZ VPN - 22 | sebastian schams | Social Computing Summer Experiment |
vmott14 | 131.159.24.53 | anywhere - 80 + 443 | sebastian schams | Social Computing Summer Experiment |
cm03 | 131.159.24.17 | anywhere - 31313 | teemu kaerkkaeinen | test port for work laptop (cm03) |
one04 (cherry.cm.in.tum.de) | 131.159.24.60 | anywhere - 80, 22 | Vaibhav Bajpai | Master student data analysis |
one02 (phi.cm.in.tum.de) | 131.159.24.86 | anywhere - 80, 443 | Thomas Paul | Webserver Edge Workshop |
one03 (grapes.cm.in.tum.de) | 131.159.24.84 | anywhere - 80, 443 | Vaibhav Bajpai | Probe VM Opennebula, collect probe data |
one05 (pandora.cm.in.tum.de) | 131.159.24.113 | anywhere- 80,443,2222,9000,9080 TCP + 1024-65535 UDP | Jörg Ott | Quic Test Server 10/17 |
one08 (monkey.cm.in.tum.de) | 131.159.24.63 | 22 | leonardo tonetto | ONE VM Monkey Leonardo Tonetto - 04/17 |
one09 (mango/hotcrp.cm.in.tum.de) | 131.159.24.127 | anywhere - 443,80 | Vaibhav Bajpai | ONE VM Mango Hotcrp Host - 12/17 |
one10 (canberra) | 131.159.24.138 | LRZ VPN/MWN - 22,443,80,8080,3000,8000 | Daniel Herzog | ONE Daniel Herzog Master student - 03/19 |
emu02 | 131.159.24.21 | LRZ VPN/MWN - 22,8082,8181 | Thomas Paul | Marcel Lotze + Chaitwanya student Dell Switch Controller 03/18 |
one12 (mira) | 131.159.24.108 | LRZ VPN/MWN - 22, anywhere - 3036 | Viet Doan | ONE mira Viet Doan MT student thanumai 11/18 |
one13 (externalds) | 131.159.24.140 | anywhere - 9873 (ssh port!) | Linus Dietz | Build Server uses SFTP 04/18 |
ideacloud1 | 131.159.24.245 | anywhere - 80,443,5060,8080 | Michele Broco | Ideacloud Laptop Michele 04/18 |
one15 (proton) | 131.159.24.144 | anywhere - 80,443,8883,3306; mwn - 22 | Michael Haus | Social Computing Task - Data Collection VM 04/18 |
one16 (emilia) | 131.159.24.149 | anywhere - udp 1024-65536; mwn - 22 | Vaibhav Bajpai | Quic Test Server Master Thesis Bernhard Jäger 06/18 |
one20 (veronika) | 131.159.24.156 | lrz vpn/mwn - tcp 22 | Vaibhav Bajpai | Vaibhav student Jeslin John 07/18 |
one19 (katarina) | 131.159.24.154 | lrz vpn/mwn - tcp 22, all - udp 443,3389-3391 | Vaibhav Bajpai | Vaibhav student Quic Measurements Sergey Podanev 07/18 |
one21 (banana) | 131.159.24.157 | lrz vpn/mwn - tcp 22 | Vaibhav Bajpai | Vaibhav student Justus Fries 07/18 |
vmott16 | 131.159.24.164 | lrz vpn/mwn - tcp 22, all - udp 443,3389-3390, all - udp+tcp 53 (external DNS), all - udp 1024-65535 | Vaibhav Bajpai | Vaibhav student Quic measurement, external DNS queries VM Sergey Podanev + Jeslin John 07/18 |
one22 (albany) | 131.159.24.165 | lrzvpn/mwn - tcp 22, all - tcp 3389 | Viet Doan | Viet Bsc student Mobile phone data collection sftp Markus Oberprieler 07/18 |
vmott17 | 131.159.24.174 | lrzvpn/mwn - tcp 22, any - udp 3389-3390 | Vaibhav Bajpai | Vaibhav Student Quic Protocol measurements Bernhard Jäger 07/18 |
cm43 | 131.159.24.179 | any - udp 3389-3391 | Vaibhav Bajpai | Vaibhav student QUIC Sergey Podanev 08/18 |
one24 (meter.cm.in.tum.de) | 131.159.24.48 | any - tcp 80,443,4556,1234,7895 | Thomas Paul | Arthur Meter Digitalization Backend Server 09/18 |
vmott23 | 131.159.24.40 | any-tcp 80+443, mwn-tcp 22+3306 | Wolfgang Wörndl | MT Haimerl MySQL DB and web server 03/19 |
one23 (kiwi.cm.in.tum.de) | 131.159.24.193 | mwn - tcp 22,80,8080,443 | Vaibhav Bajpai | MT Florian Sprang dashboard cdn 11/18 |
vmott21 | 131.159.24.7 | any - tcp 80 + 443 | Simon Zelenski | Dokuwiki VM Service IP |
testbed01 | 131.159.24.142 | any - tcp 8877 | Teemu Kaerkkaeinen | Testbed01 Experiments |
one01 | 131.159.24.42 | any - tcp 80 + 443 | Vaibhav Bajpai | ONE plum Data Collection VM |
one06 | 131.159.24.47 | MWN - 22 | Faulhaben Nils | ONE cathy Thesis VM |
one10 | 131.159.24.31 | MWN - UDP 47810-47812 | Ayguen Baltaci | ONE anelia Research VM |
one17 (stella) | 131.159.24.89 | MWN - TCP+UDP 3000, UDP 8000, TCP 22 | Simon Kostin (Daniel Herzog) | ONE stella Student Thesis VM |
sensornet.cm.in.tum.de | 131.159.24.90 | All - 9090, 9091 TCP | Teemu Kaerkkaeinen | Service IP - IOT Sensornet VM deneb |
grobid.cm.in.tum.de | 131.159.24.112 | 8070 TCP | Linus Dietz | grobid serves http on port 8070 |
mobility-dashboard | 131.159.24.114 | TCP 22,8050 open to MWN, TCP 80, 443 open to Internet | Lukas Vorwerk (Linus Dietz) | Student Thesis VM |
one36.cm.in.tum.de | 131.159.24.120 | TCP 80, 443 worldwide | Michael Haus | data publishing VM |
awx.cm.in.tum.de | 131.159.24.178 | TCP 80, 443 MWN | Thomas Paul | open awx for MWN hosts |
trace.cm.in.tum.de (one58) | 131.159.24.160 | TCP 22 MWN | Viet Doan | traceroute measurements with IPv6 |
Firewall Exceptions for Chair <-> RBG Ceph
Firewall Exceptions IPv6
Hostname | IP | Ports | User | Notes |
---|---|---|---|---|
vmott7 | 2001:4ca0:2003:240::9 | lrz vpn/mwn - tcp 22, all - udp 443,3389-339 | Vaibhav Bajpai | Vaibhav student Quic measurement faster network VM Sergey Podanev 07/18 |
one19 (katarina) | 2001:4ca0:2003:240::154 | lrz vpn/mwn - tcp 22, all - udp 443,3389-3391 | Vaibhav Bajpai | Vaibhav student Quic Measurements Sergey Podanev 07/18 |
vmott16 | 2001:4ca0:2003:240::164 | lrz vpn/mwn - tcp 22, all - udp 443,3389-3391, all - udp+tcp 53 (external DNS), all - udp 1024-65535 | Vaibhav Bajpai | Vaibhav student Quic measurement, external DNS queries VM Sergey Podanev + Jeslin John 07/18 |
vmott17 | 2001:4ca0:2003:240::174 | any - udp 3389-3390 | Vaibhav Bajpai | Vaibhav Student Quic Protocol measurements Bernhard Jäger 07/18 |
one01 | 2001:4ca0:2003:240::42 | any - tcp 80 + 443 | Vaibhav Bajpai | ONE plum Data Collection VM |
sensornet.cm.in.tum.de | 2001:4ca0:2003:240::90 | All - 9090, 9091 TCP | Teemu Kaerkkaeinen | Service IP - IOT Sensornet VM deneb |
one36.cm.in.tum.de | 2a09:80c0:24::120 | TCP 80, 443 worldwide | Michael Haus | data publishing VM |
Firewall Network
il11
```
remark VPN access il11
permit ip 172.24.146.0 0.0.0.255 any
remark LRZ VPN 2017121310013176
permit ip 129.187.0.0 0.0.255.255 any
permit ip 10.152.42.0 0.0.1.255 any
permit ip 10.152.126.0 0.0.1.255 any
```
il11_5 (MWN / ONE)
```
# Access from the eduroam network
remark Doctoral students of the sensor nodes 2020021810005143
permit tcp 131.159.192.0 0.0.31.255 any eq 22
permit tcp 131.159.192.0 0.0.31.255 any eq 80
permit tcp 131.159.192.0 0.0.31.255 any eq 443
permit tcp 131.159.192.0 0.0.31.255 any eq 1883
permit tcp 131.159.192.0 0.0.31.255 any eq 8080
permit tcp 131.159.192.0 0.0.31.255 any eq 8883
remark Doctoral students of the sensor nodes 2020021810005143
permit tcp 2a09:80c0:192::/64 any eq 22
permit tcp 2a09:80c0:192::/64 any eq 80
permit tcp 2a09:80c0:192::/64 any eq 443
permit tcp 2a09:80c0:192::/64 any eq 1883
permit tcp 2a09:80c0:192::/64 any eq 8080
permit tcp 2a09:80c0:192::/64 any eq 8883
```
VPN
People with VPN access to the chair network can be seen on the RBG webapp under the LDAP group vpnil11: https://rbgwebapp.in.tum.de/struktur/eintrag/vpn:vpnil11. Check this wiki page to request access as an employee. Administrators should check this page.