Firewall

  • Blacklist (Host deny)
  • Firewall general
    • All outgoing traffic allowed
    • All incoming traffic denied, except for required open ports
      • Example: ssh port
      • Requirement: single point of access » ssh server without anything else (newest security updates, etc.)
      • From central ssh login, login to other server
  • VPN (most secure) for entire subnet (131.159.24.0/23)
    • All outgoing traffic allowed
    • Allow incoming traffic, block everything else
      • LDAP user group: users are allowed to login, maintained by RBG-System
    • Full access within VPN network

The firewall generally allows all outgoing connections, as well as incoming packets that belong to a previously established connection. All other incoming connections are blocked unless an exception is configured.
The firewall only supports connection tracking for TCP; UDP is not tracked. For UDP connections to work, the whole random port range usually has to be allowed for incoming packets: the program sends a packet from a random source port to a service, and the service sends its reply back to that random source port, so an exception must exist that allows this reply packet for the connection to succeed. Because there is often no control over the source port, all random ports need to be opened: 1024-65535.
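
The behaviour described above, as an added example that is not part of the original page or of the firewall's own tooling: a small first-match evaluator for the extended-ACL syntax used on this page. It shows that a TCP reply passes through the established rule while a UDP reply is accepted only where the 1024-65535 range is opened, which also admits unsolicited UDP to those ports, and it flags non-contiguous wildcard masks. The sample ACL, the documentation addresses and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the page's ACL syntax (documentation address ranges only).
SAMPLE_ACL = """\
remark established
permit tcp any any established
remark ssh only from the management network
permit tcp 198.51.100.0 0.0.0.255 host 192.0.2.10 eq 22
remark UDP client host: replies come back to a random source port
permit udp any host 192.0.2.20 range 1024 65535
remark constructed typo: 225 instead of 255 in the wildcard
permit tcp 198.51.0.0 0.0.225.255 host 192.0.2.10 eq 80
deny ip any any
"""

def _ip(addr):
    return int(ipaddress.IPv4Address(addr))

def _take_addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD' and return (base, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tok.pop(0)), 0
    return _ip(first), _ip(tok.pop(0))

def _take_ports(tok):
    """Consume an optional 'eq N' | 'range LO HI' and return (lo, hi) or None."""
    if tok and tok[0] in ("eq", "range"):
        n = 2 if tok[0] == "eq" else 3
        ports = [int(p) for p in tok[1:n]]
        del tok[:n]
        return ports[0], ports[-1]
    return None

def parse_acl(text):
    """Parse permit/deny lines of an IPv4 extended ACL; remarks are skipped."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] not in ("permit", "deny"):
            continue
        rule = {"text": line.strip(), "action": tok.pop(0), "proto": tok.pop(0)}
        rule["src"], rule["sport"] = _take_addr(tok), _take_ports(tok)
        rule["dst"], rule["dport"] = _take_addr(tok), _take_ports(tok)
        rule["established"] = "established" in tok
        rules.append(rule)
    return rules

def _addr_ok(spec, addr):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # a wildcard bit of 1 means "don't care"
    return (_ip(addr) & care) == (base & care)

def _port_ok(spec, port):
    return spec is None or spec[0] <= port <= spec[1]

def evaluate(rules, proto, src, sport, dst, dport, ack_or_rst=False):
    """Stateless first-match evaluation of one packet; no rule means deny."""
    for r in rules:
        proto_ok = r["proto"] in ("ip", proto)
        state_ok = not r["established"] or (proto == "tcp" and ack_or_rst)
        ports_ok = _port_ok(r["sport"], sport) and _port_ok(r["dport"], dport)
        addrs_ok = _addr_ok(r["src"], src) and _addr_ok(r["dst"], dst)
        if proto_ok and state_ok and ports_ok and addrs_ok:
            return r["action"], r["text"]
    return "deny", "implicit deny"

def odd_wildcards(rules):
    """Rules whose wildcard mask is not one contiguous run of low-order bits."""
    return [r["text"] for r in rules
            if any(w & (w + 1) for _, w in (r["src"], r["dst"]))]

def demo():
    rules = parse_acl(SAMPLE_ACL)
    server, client = "203.0.113.5", "192.0.2.20"
    return {
        "tcp_reply": evaluate(rules, "tcp", server, 443, client, 51514, ack_or_rst=True)[0],
        "tcp_new": evaluate(rules, "tcp", server, 51514, client, 8080)[0],
        "udp_reply_with_range": evaluate(rules, "udp", server, 53, client, 40000)[0],
        "udp_reply_no_range": evaluate(rules, "udp", server, 53, "192.0.2.10", 40000)[0],
        "udp_unsolicited": evaluate(rules, "udp", server, 9999, client, 5353)[0],
        "odd_wildcards": odd_wildcards(rules),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:22} {result}")
```

The udp_unsolicited case is the cost of the workaround: with the range open, any UDP service bound to a high port on that host is reachable from anywhere, so a local firewall on the host has to cover it.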

il11_2

Does not exist - internal server management network - completely separated

il11

no ip access-list extended acl4-il11-out
ip access-list extended acl4-il11-out
permit ip host 131.159.25.254 any
permit ip host 131.159.25.253 any
permit ip host 131.159.25.252 any
deny ip 131.159.24.0 0.0.1.255 any
remark *** rbg server
permit ip 131.159.254.0 0.0.1.255 any
remark VPN access il11
permit ip 172.24.146.0 0.0.0.255 any
remark il11_3
permit ip 10.200.64.0 0.0.63.255 any
remark *** ping etc.
permit icmp any any
remark established
permit tcp any any established
remark rbg administration
permit tcp 131.159.42.0 0.0.1.255 any eq 22
permit tcp 131.159.42.0 0.0.1.255 any eq 3389
remark macschlichter14 2016022210004457
permit tcp any host 131.159.24.169 eq 22
permit tcp any host 131.159.24.169 eq 80
permit tcp any host 131.159.24.169 eq 443
remark macschlichter11 2016022210004457 2017050810006537 2018052310008835
permit tcp any host 131.159.24.63 eq 22
remark cm05 2016051210002589
permit udp any host 131.159.24.101 eq 500
permit udp any host 131.159.24.101 eq 4500
permit ip host 129.187.102.13 host 131.159.24.101
remark vmschlichter21 2016040410005754
permit tcp any host 131.159.24.76 eq 22
permit tcp any host 131.159.24.76 eq 8000
remark vmschlichter28 2016040410005754
permit tcp any host 131.159.24.82 eq 21
permit tcp any host 131.159.24.82 eq 22
permit tcp any host 131.159.24.82 eq 80
remark ideaclouds1 2016032410006628 2018042610006262
permit tcp any host 131.159.24.245 eq 80
permit tcp any host 131.159.24.245 eq 443
permit tcp any host 131.159.24.245 eq 5060
permit tcp any host 131.159.24.245 eq 8080
remark vmott4 2016042710007487
permit tcp any host 131.159.25.6 eq 443
remark vmott5 2016051210001106 2016051210001106
permit tcp any host 131.159.24.2 eq 22
permit tcp any host 131.159.24.2 eq 80
permit tcp any host 131.159.24.2 eq 8080
permit tcp any host 131.159.24.2 eq 3306
remark vmschlichter24 2016052410006366 2016053110006405
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.239 eq 22
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.239 eq 22
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.239 eq 22
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.239 eq 22
permit tcp any host 131.159.24.239 eq 80
permit tcp any host 131.159.24.239 eq 443
remark devimg01 2016080310008451
permit ip host 172.24.15.23 host 131.159.24.137
remark testbed02 2016090510005912 2016091610006491 2016092810005236
permit tcp any host 131.159.24.150 eq 8080
permit tcp 172.24.21.192 0.0.0.31 host 131.159.24.150 eq 8086
permit tcp 172.24.21.192 0.0.0.31 host 131.159.24.150 eq 27017
remark vmott11 2016112510000983 2016121210002084 2016122310002545 2017040610001065 2018031610006514
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.38 eq 22
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.38 eq 22
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.38 eq 22
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.38 eq 22
permit tcp any host 131.159.24.38 eq 80
permit tcp any host 131.159.24.38 eq 443
permit tcp any host 131.159.24.38 eq 8883
permit tcp any host 131.159.24.38 eq 3306
permit tcp 131.159.192.0 0.0.31.255 host 131.159.24.38 eq 11234
permit tcp 131.159.224.0 0.0.1.255 host 131.159.24.38 eq 11234
permit tcp 172.24.21.192 0.0.0.31 host 131.159.24.38 eq 12356
remark vmott12 2016102110002472 2016110210005888 2017030210005918 2017122010005028
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.41 eq 22
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.41 eq 22
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.41 eq 22
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.41 eq 22
permit tcp any host 131.159.24.41 eq 80
permit tcp any host 131.159.24.41 eq 443
permit tcp any host 131.159.24.41 eq 8080
remark vmott14 2016121310003214
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.53 eq 22
permit tcp any host 131.159.24.53 eq 80
permit tcp any host 131.159.24.53 eq 443
remark vmott16 2018071710009646 2018082110006586 2018082410001316
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.164 eq 22
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.164 eq 22
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.164 eq 22
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.164 eq 22
permit udp any host 131.159.24.164 range 1024 65535
permit udp any host 131.159.24.164 eq 443
permit tcp any host 131.159.24.164 eq 53
permit udp any host 131.159.24.164 eq 53
remark vmott17 2018072610003411 2018073010001762
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.174 eq 22
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.174 eq 22
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.174 eq 22
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.174 eq 22
permit udp any host 131.159.24.174 range 3389 3390
remark vmott20 2018103110002021 2018110210002805
permit tcp any host 131.159.24.56 eq 80
permit tcp any host 131.159.24.56 eq 443
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.56 eq 22
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.56 eq 22
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.56 eq 22
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.56 eq 22
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.56 eq 3306
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.56 eq 3306
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.56 eq 3306
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.56 eq 3306
remark cm03 2017022710006962
permit tcp any host 131.159.24.17 eq 31313
remark cm24 2017050910007927
permit tcp any host 131.159.24.60 eq 22
permit tcp any host 131.159.24.60 eq 80
remark cm29 2017092910000611 2017100510006318
permit ip any host 131.159.24.105
remark one02.cm 201707121000331
permit tcp any host 131.159.24.86 eq 80
permit tcp any host 131.159.24.86 eq 443
remark one03.cm 201707121000331
permit tcp any host 131.159.24.84 eq 80
permit tcp any host 131.159.24.84 eq 443
remark one05.cm 2017100510002901
permit tcp any host 131.159.24.113 eq 80
permit tcp any host 131.159.24.113 eq 443
permit tcp any host 131.159.24.113 eq 2222
permit udp any host 131.159.24.113 range 1024 65535
remark one09.cm 2017120410002945
permit tcp any host 131.159.24.127 eq 80
permit tcp any host 131.159.24.127 eq 443
remark test03.cm 2017100510006318
permit ip any host 131.159.24.114
remark one10.cm 2018021510008043 2018022610006453
permit tcp any host 131.159.24.138 eq 80
permit tcp any host 131.159.24.138 eq 443
permit tcp any host 131.159.24.138 eq 3000
permit tcp any host 131.159.24.138 eq 8000
permit tcp any host 131.159.24.138 eq 8080
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.138 eq 22
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.138 eq 22
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.138 eq 22
remark one11.cm 2018022310004693 2018071110004161
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.139 eq 22
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.139 eq 22
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.139 eq 22
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.139 eq 22
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.139 eq 80
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.139 eq 80
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.139 eq 80
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.139 eq 80
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.139 eq 443
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.139 eq 443
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.139 eq 443
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.139 eq 443
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.139 eq 3000
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.139 eq 3000
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.139 eq 3000
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.139 eq 3000
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.139 eq 8000
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.139 eq 8000
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.139 eq 8000
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.139 eq 8000
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.139 eq 8080
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.139 eq 8080
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.139 eq 8080
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.139 eq 8080
remark one13.cm 2018041810001497
permit tcp any host 131.159.24.140 eq 9873
remark one15.cm 2018042710010531
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.144 eq 22
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.144 eq 22
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.144 eq 22
permit tcp any host 131.159.24.144 eq 80
permit tcp any host 131.159.24.144 eq 443
permit tcp any host 131.159.24.144 eq 3306
permit tcp any host 131.159.24.144 eq 8883
remark net03-cm 2018031610006103
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.166 eq 22
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.166 eq 22
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.166 eq 22
remark emu02 2018032310004539
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.21 eq 22
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.21 eq 22
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.21 eq 22
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.21 eq 8082
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.21 eq 8082
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.21 eq 8082
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.21 eq 8181
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.21 eq 8181
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.21 eq 8181
remark atschlichter29 2018040510006195 2018041910006285
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.108 eq 22
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.108 eq 22
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.108 eq 22
permit tcp any host 131.159.24.108 eq 3036
permit udp any host 131.159.24.108 eq 3036
remark one16 2018061410011122
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.149 eq 22
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.149 eq 22
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.149 eq 22
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.149 eq 22
permit udp any host 131.159.24.149 range 1024 65535
remark one19 2018070910008439
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.154 eq 22
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.154 eq 22
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.154 eq 22
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.154 eq 22
permit udp any host 131.159.24.154 eq 443
permit udp any host 131.159.24.154 range 3389 3391
remark one20 2018070910008948
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.156 eq 22
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.156 eq 22
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.156 eq 22
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.156 eq 22
remark one21 2018070910010971
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.157 eq 22
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.157 eq 22
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.157 eq 22
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.157 eq 22
remark one22 201807181000675
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.165 eq 22
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.165 eq 22
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.165 eq 22
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.165 eq 22
permit tcp any host 131.159.24.165 eq 3389
remark one23 2018111910003345 2018112010013331
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.193 eq 22
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.193 eq 22
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.193 eq 22
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.193 eq 22
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.193 eq 80
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.193 eq 80
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.193 eq 80
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.193 eq 80
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.193 eq 443
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.193 eq 443
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.193 eq 443
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.193 eq 443
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.193 eq 8080
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.193 eq 8080
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.193 eq 8080
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.193 eq 8080
remark one24 2018092410011152
permit tcp any host 131.159.24.48 eq 80
permit tcp any host 131.159.24.48 eq 443
remark cm43 2018080110008826
permit udp any host 131.159.24.179 range 3389 3391
remark social1 2018082110006746 2018111910002828
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.12
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.12
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.12
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.12
remark social2 2018020910006502 2018082110006746 2018111910002828
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.134
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.134
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.134
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.134
remark social3 2016022210004457 2018082110006746 2018111910002828
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.238
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.238
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.238
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.238
remark social4 2018080610007631 2018082110006746 2018111910002828
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.13
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.13
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.13
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.13
remark social5 2016022210004457 2018082110006746 2018111910002828
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.171
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.171
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.171
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.171
remark social6 2018091710010998 2018111910002828
permit tcp 129.187.0.0 0.0.255.255 host 131.159.24.184
permit tcp 131.159.0.0 0.0.255.255 host 131.159.24.184
permit tcp 10.152.42.0 0.0.1.255 host 131.159.24.184
permit tcp 10.152.126.0 0.0.1.255 host 131.159.24.184
deny ip any any
exit

il11_3

no ip access-list extended acl4-il11_3-out
ip access-list extended acl4-il11_3-out
permit ip host 10.200.127.254 any
permit ip host 10.200.127.253 any
permit ip host 10.200.127.252 any
remark anti spoofing
deny ip 10.200.112.0 0.0.15.255 any
remark rbg server
permit ip 131.159.254.0 0.0.1.255 any
remark chair network
permit ip 131.159.24.0 0.0.1.255 any
remark VPN access il11
permit ip 172.24.146.0 0.0.0.255 any
remark access il11_6
permit ip 10.200.96.0 0.0.15.255 any
remark MWN
permit ip any 172.24.24.0 0.0.1.255
remark established
permit tcp any any established
remark vmott22 RBG access 2019011710009021
permit tcp 131.159.42.0 0.0.1.255 host 10.200.120.9 eq 22
deny ip any any
exit

il11_4

no ip access-list extended acl4-il11-4-out
ip access-list extended acl4-il11-4-out
permit ip host 172.24.21.222 any
permit ip host 172.24.21.221 any
permit ip host 172.24.21.220 any
deny ip 172.24.21.192 0.0.0.31 any
remark *** rbg server
permit ip 131.159.254.0 0.0.1.255 any
remark VPN access il11
permit ip 172.24.146.0 0.0.0.255 any
remark established
permit tcp any any established
remark cm04 2016081710008318
permit tcp host 131.159.24.79 any eq 22
remark cm07 2016081710008318
permit tcp host 131.159.24.130 any eq 22
remark testbed2 2016092110004722 2017020810004679
permit tcp host 131.159.24.150 any eq 22
permit tcp host 131.159.24.150 any eq 8080
permit tcp host 131.159.24.150 any eq 8086
deny ip any any
exit

il11_5

no ip access-list extended acl4-il11_5-out
ip access-list extended acl4-il11_5-out
permit ip host 172.24.25.254 any
remark anti spoofing
deny ip 172.24.24.0 0.0.1.255 any
remark rbg server
permit ip 131.159.254.0 0.0.1.255 any
remark chair network
permit ip 131.159.24.0 0.0.1.255 any
remark VPN access il11
permit ip 172.24.146.0 0.0.0.255 any
remark LRZ VPN 2017121310013176
permit ip 129.187.0.0 0.0.255.255 any
permit ip 10.152.42.0 0.0.1.255 any
permit ip 10.152.126.0 0.0.1.255 any
remark MWN
permit ip any 172.24.24.0 0.0.1.255
permit tcp any any established
deny ip any any
exit

il11_6

no ip access-list extended acl4-il11_3-out
ip access-list extended acl4-il11_3-out
permit ip host 10.200.111.254 any
permit ip host 10.200.111.253 any
permit ip host 10.200.111.252 any
remark anti spoofing
deny ip 10.200.96.0 0.0.15.255 any
remark rbg server
permit ip 131.159.254.0 0.0.1.255 any
remark chair network
permit ip 131.159.24.0 0.0.1.255 any
remark VPN access il11
permit ip 172.24.146.0 0.0.0.255 any
remark access il11_6
permit ip 10.200.112.0 0.0.15.255 any
remark MWN
permit ip any 172.24.24.0 0.0.1.255
permit tcp any any established
deny ip any any
exit
Hostname | IP | Ports | User | Notes
vmschlichter21 | 131.159.24.76 | 8000, 22 | woerndl | -
vmschlichter28 | 131.159.24.82 | 80 | woerndl | -
social1 | 131.159.24.12 | * - MWN/LRZ VPN | gerhard hagerer | social server
social2 | 131.159.24.134 | * - MWN/LRZ VPN | gerhard hagerer | social server
social3 | 131.159.24.238 | * - MWN/LRZ VPN | gerhard hagerer | social server
social4 | 131.159.24.13 | * - MWN/LRZ VPN | gerhard hagerer | social server
social5 | 131.159.24.171 | * - MWN/LRZ VPN | gerhard hagerer | social server
social6 | 131.159.24.184 | * - MWN/LRZ VPN | gerhard hagerer | social server
vmott4 | 131.159.25.6 | 443 | paulth | HTTPS permission for calendar synchronization
vmott5 | 131.159.24.2 | 80,22 | woerndl | SSH and HTTP permission
cm05 | 131.159.24.101 | 500,4500, every from 129.187.102.13 (zv firewall-cluster) | christinne lissner | VPN access for SAP application
vmschlichter24 | 131.159.24.239 | 22 from LRZ VPN subnets | georg groh | SSH Access for student Safey Halim from LRZ VPN
vmschlichter24 | 131.159.24.239 | 80, 443 | georg groh | Webserver for student project
vmschlichter27 | 131.159.24.81 | 80,443 | hanna schaefer | Web server project
vmschlichter29 | 131.159.24.40 | 80,443 | hanna schaefer | Web server project test VM
devimg01 | 131.159.24.137 | all-172.24.15.23 | leonardo tonetto | SSH and NFS between devimg01 and ComputeVM23
testbed02 | 131.159.24.150 | il11_edison - 8086 il11_edison, il11_edison - 27017 | vittorio cozzolino | Edison to Backend database (Influx DB + Mono DB)
testbed02 | 131.159.24.150 | port 8080 | vittorio cozzolin | Mobile Phone access NodeJS - local Firewall on testbed02 to allow only mac of mobile phone
il11_edison | 172….(edison net) | testbed02 - 8086 (tcp) | vittorio cozzolin | Get Data directly from Edisons
il11_edison | 172….(edison net) | testbed02 - 8080 (tcp) | vittorio cozzolin | NodeJS Endpoint - Edison Board Camera
il11_edison | 172….(edison net) | testbed02 - 22 (tcp) | vittorio cozzolin | SSH Access
il11_edison | 172….(edison net) | vmott11 - 3306 (tcp) | michael haus | MySQL server
vmott11 | 131.159.24.38 | 80, 443, 8883 (Mqtt), 3306 (MySQL) - All; 22 - MWN | michael haus | Sensor data collection
vmott12 | 131.159.24.41 | LRZ VPN - 22 + all : anywhere - 443, 8080, 80 | daniel herzog | Citytrip Planer master's student
vmott14 | 131.159.24.53 | LRZ VPN - 22 | sebastian schams | Social Computing Summer Experiment
vmott14 | 131.159.24.53 | anywhere - 80 + 443 | sebastian schams | Social Computing Summer Experiment
cm03 | 131.159.24.17 | anywhere - 31313 | teemu kaerkkaeinen | test port for work laptop (cm03)
one04 (cherry.cm.in.tum.de) | 131.159.24.60 | anywhere - 80, 22 | Vaibhav Bajpai | Master student data analysis
one02 (phi.cm.in.tum.de) | 131.159.24.86 | anywhere - 80, 443 | Thomas Paul | Webserver Edge Workshop
one03 (grapes.cm.in.tum.de) | 131.159.24.84 | anywhere - 80, 443 | Vaibhav Bajpai | Probe VM Opennebula, collect probe data
one05 (pandora.cm.in.tum.de) | 131.159.24.113 | anywhere - 80,443,2222,9000,9080 TCP + 1024-65535 UDP | Jörg Ott | Quic Test Server 10/17
one08 (monkey.cm.in.tum.de) | 131.159.24.63 | 22 | leonardo tonetto | ONE VM Monkey Leonardo Tonetto - 04/17
one09 (mango/hotcrp.cm.in.tum.de) | 131.159.24.127 | anywhere - 443,80 | Vaibhav Bajpai | ONE VM Mango Hotcrp Host - 12/17
one10 (canberra) | 131.159.24.138 | LRZ VPN/MWN - 22,443,80,8080,3000,8000 | Daniel Herzog | ONE Daniel Herzog Master student - 03/19
emu02 | 131.159.24.21 | LRZ VPN/MWN - 22,8082,8181 | Thomas Paul | Marcel Lotze + Chaitwanya student Dell Switch Controller 03/18
one12 (mira) | 131.159.24.108 | LRZ VPN/MWN - 22, anywhere - 3036 | Viet Doan | ONE mira Viet Doan MT student thanumai 11/18
one13 (externalds) | 131.159.24.140 | anywhere - 9873 (ssh port!) | Linus Dietz | Build Server uses SFTP 04/18
ideacloud1 | 131.159.24.245 | anywhere - 80,443,5060,8080 | Michele Broco | Ideacloud Laptop Michele 04/18
one15 (proton) | 131.159.24.144 | anywhere - 80,443,8883,3306; mwn - 22 | Michael Haus | Social Computing Task - Data Collection VM 04/18
one16 (emilia) | 131.159.24.149 | anywhere - udp 1024-65536; mwn - 22 | Vaibhav Bajpai | Quic Test Server Master Thesis Bernhard Jäger 06/18
one20 (veronika) | 131.159.24.156 | lrz vpn/mwn - tcp 22 | Vaibhav Bajpai | Vaibhav student Jeslin John 07/18
one19 (katarina) | 131.159.24.154 | lrz vpn/mwn - tcp 22, all - udp 443,3389-3391 | Vaibhav Bajpai | Vaibhav student Quic Measurements Sergey Podanev 07/18
one21 (banana) | 131.159.24.157 | lrz vpn/mwn - tcp 22 | Vaibhav Bajpai | Vaibhav student Justus Fries 07/18
vmott16 | 131.159.24.164 | lrz vpn/mwn - tcp 22, all - udp 443,3389-3390, all - udp+tcp 53 (external DNS), all - udp 1024-65535 | Vaibhav Bajpai | Vaibhav student Quic measurement, external DNS queries VM Sergey Podanev + Jeslin John 07/18
one22 (albany) | 131.159.24.165 | lrzvpn/mwn - tcp 22, all - tcp 3389 | Viet Doan | Viet Bsc student Mobile phone data collection sftp Markus Oberprieler 07/18
vmott17 | 131.159.24.174 | lrzvpn/mwn - tcp 22, any - udp 3389-3390 | Vaibhav Bajpai | Vaibhav Student Quic Protocol measurements Bernhard Jäger 07/18
cm43 | 131.159.24.179 | any - udp 3389-3391 | Vaibhav Bajpai | Vaibhav student QUIC Sergey Podanev 08/18
one24 (meter.cm.in.tum.de) | 131.159.24.48 | any - tcp 80,443,4556,1234,7895 | Thomas Paul | Arthur Meter Digitalization Backend Server 09/18
vmott23 | 131.159.24.40 | any-tcp 80+443, mwn-tcp 22+3306 | Wolfgang Wörndl | MT Haimerl MySQL DB and web server 03/19
one23 (kiwi.cm.in.tum.de) | 131.159.24.193 | mwn - tcp 22,80,8080,443 | Vaibhav Bajpai | MT Florian Sprang dashboard cdn 11/18
vmott21 | 131.159.24.7 | any - tcp 80 + 443 | Simon Zelenski | Dokuwiki VM Service IP
testbed01 | 131.159.24.142 | any - tcp 8877 | Teemu Kaerkkaeinen | Testbed01 Experiments
one01 | 131.159.24.42 | any - tcp 80 + 443 | Vaibhav Bajpai | ONE plum Data Collection VM
one06 | 131.159.24.47 | MWN - 22 | Faulhaben Nils | ONE cathy Thesis VM
one10 | 131.159.24.31 | MWN - UDP 47810-47812 | Ayguen Baltaci | ONE anelia Research VM
one17 (stella) | 131.159.24.89 | MWN - TCP+UDP 3000, UDP 8000, TCP 22 | Simon Kostin (Daniel Herzog) | ONE stella Student Thesis VM
sensornet.cm.in.tum.de | 131.159.24.90 | All - 9090, 9091 TCP | Teemu Kaerkkaeinen | Service IP - IOT Sensornet VM deneb
grobid.cm.in.tum.de | 131.159.24.112 | 8070 TCP | Linus Dietz | grobid serves http on port 8070
mobility-dashboard | 131.159.24.114 | TCP 22,8050 open to MWN, TCP 80, 443 open to Internet | Lukas Vorwerk (Linus Dietz) | Student Thesis VM
one36.cm.in.tum.de | 131.159.24.120 | TCP 80, 443 worldwide | Michael Haus | data publishing VM
awx.cm.in.tum.de | 131.159.24.178 | TCP 80, 443 MWN | Thomas Paul | open awx for MWN hosts
trace.cm.in.tum.de (one58) | 131.159.24.160 | TCP 22 MWN | Viet Doan | traceroute measurements with IPv6
one38 (one-db)
one45 (one-vault)
one48 (one-awx)
devimg01 - 131.159.24.137
testbed01 - 131.159.24.142
testbed02 - 131.159.24.150
sim01 - 131.159.24.15
net01 - 131.159.24.163
net02 - 131.159.24.151
net03 - 131.159.24.166
emu01 - 131.159.24.18
emu02 - 131.159.24.21
emu03 - 131.159.24.20
emu06 - 131.159.24.35 
host:f:awx.cm.in.tum.de     131.159.24.178
host:f:vault.cm.in.tum.de     131.159.24.29
host:f:orders.cm.in.tum.de     131.159.24.34
host:f:hostview.cm.in.tum.de     131.159.24.91
host:f:db.cm.in.tum.de         131.159.24.52
host:f:icinga.cm.in.tum.de     131.159.24.117
host:f:one01.cm.in.tum.de       131.159.24.42
host:f:one02.cm.in.tum.de       131.159.24.86
host:f:one03.cm.in.tum.de       131.159.24.84
host:f:one04.cm.in.tum.de       131.159.24.60
host:f:one05.cm.in.tum.de       131.159.24.113
host:f:one06.cm.in.tum.de       131.159.24.47
host:f:one07.cm.in.tum.de       131.159.24.10
host:f:one08.cm.in.tum.de       131.159.24.63
host:f:one09.cm.in.tum.de       131.159.24.127
host:f:one10.cm.in.tum.de       131.159.24.31
host:f:one11.cm.in.tum.de       131.159.24.139
host:f:one12.cm.in.tum.de       131.159.24.108
host:f:one13.cm.in.tum.de       131.159.24.140
host:f:one14.cm.in.tum.de       131.159.24.83
host:f:one15.cm.in.tum.de       131.159.24.144
host:f:one16.cm.in.tum.de       131.159.24.149
host:f:one17.cm.in.tum.de       131.159.24.89
host:f:one18.cm.in.tum.de       131.159.24.153
host:f:one19.cm.in.tum.de       131.159.24.154
host:f:one20.cm.in.tum.de       131.159.24.156
host:f:one21.cm.in.tum.de       131.159.24.157
host:f:one22.cm.in.tum.de       131.159.24.165
host:f:one23.cm.in.tum.de       131.159.24.193
host:f:one24.cm.in.tum.de       131.159.24.48
host:f:one28.cm.in.tum.de       131.159.24.114
host:f:one31.cm.in.tum.de       131.159.24.112
host:f:one34.cm.in.tum.de       131.159.24.115
host:f:one36.cm.in.tum.de       131.159.24.120
host:intum:vmott10     131.159.24.36
host:intum:vmott11     131.159.24.38
host:intum:vmott12     131.159.24.41
host:intum:vmott14     131.159.24.53
host:intum:vmott16     131.159.24.164
host:intum:vmott17     131.159.24.174
host:intum:vmott18     131.159.24.50
host:intum:vmott19     131.159.24.187
host:intum:vmott2     131.159.24.136
host:intum:vmott20     131.159.24.56
host:intum:vmott21     131.159.24.5
host:intum:vmott23     131.159.24.40
host:intum:vmott24     131.159.24.45
host:intum:vmott25     131.159.24.110
host:intum:vmott3     131.159.24.141
host:intum:vmott4     131.159.25.6
host:intum:vmott5     131.159.24.2
host:intum:vmott8     131.159.24.14
host:intum:vmschlichter21     131.159.24.76
host:intum:vmschlichter22     131.159.24.30
host:intum:vmschlichter24     131.159.24.239
host:intum:vmschlichter28     131.159.24.82
Hostname | IP | Ports | User | Notes
vmott7 | 2001:4ca0:2003:240::9 | lrz vpn/mwn - tcp 22, all - udp 443,3389-339 | Vaibhav Bajpai | Vaibhav student Quic measurement faster network VM Sergey Podanev 07/18
one19 (katarina) | 2001:4ca0:2003:240::154 | lrz vpn/mwn - tcp 22, all - udp 443,3389-3391 | Vaibhav Bajpai | Vaibhav student Quic Measurements Sergey Podanev 07/18
vmott16 | 2001:4ca0:2003:240::164 | lrz vpn/mwn - tcp 22, all - udp 443,3389-3391, all - udp+tcp 53 (external DNS), all - udp 1024-65535 | Vaibhav Bajpai | Vaibhav student Quic measurement, external DNS queries VM Sergey Podanev + Jeslin John 07/18
vmott17 | 2001:4ca0:2003:240::174 | any - udp 3389-3390 | Vaibhav Bajpai | Vaibhav Student Quic Protocol measurements Bernhard Jäger 07/18
one01 | 2001:4ca0:2003:240::42 | any - tcp 80 + 443 | Vaibhav Bajpai | ONE plum Data Collection VM
sensornet.cm.in.tum.de | 2001:4ca0:2003:240::90 | All - 9090, 9091 TCP | Teemu Kaerkkaeinen | Service IP - IOT Sensornet VM deneb
one36.cm.in.tum.de | 2a09:80c0:24::120 | TCP 80, 443 worldwide | Michael Haus | data publishing VM

il11

remark VPN access il11
permit ip 172.24.146.0 0.0.0.255 any

remark LRZ VPN 2017121310013176
permit ip 129.187.0.0 0.0.255.255 any
permit ip 10.152.42.0 0.0.1.255 any
permit ip 10.152.126.0 0.0.1.255 any

il11_5 (MWN / ONE)

# Access from the eduroam network
remark doctoral students of the sensor nodes 2020021810005143
permit tcp 131.159.192.0 0.0.31.255 any eq 22
permit tcp 131.159.192.0 0.0.31.255 any eq 80
permit tcp 131.159.192.0 0.0.31.255 any eq 443
permit tcp 131.159.192.0 0.0.31.255 any eq 1883
permit tcp 131.159.192.0 0.0.31.255 any eq 8080
permit tcp 131.159.192.0 0.0.31.255 any eq 8883

remark doctoral students of the sensor nodes 2020021810005143
permit tcp 2a09:80c0:192::/64 any eq 22
permit tcp 2a09:80c0:192::/64 any eq 80
permit tcp 2a09:80c0:192::/64 any eq 443
permit tcp 2a09:80c0:192::/64 any eq 1883
permit tcp 2a09:80c0:192::/64 any eq 8080
permit tcp 2a09:80c0:192::/64 any eq 8883

People with VPN access to the chair network are listed in the RBG webapp under the LDAP group vpnil11: https://rbgwebapp.in.tum.de/struktur/eintrag/vpn:vpnil11. Check this wiki page to request access as an employee. As an administrator, check this page.