Physics runs a firewall configuration which blocks all unwanted incoming connections from both the university and the internet in general, and also controls traffic between the internal subnets.
It is possible to set firewall exceptions for specific systems, where research needs require it. If you have such a need, talk to us about it, and we'll help figure out a solution.
If you need to connect to a system inside Tate Lab from outside, most simple applications can be tunnelled using ssh. For example, VNC (a remote desktop application) can be tunnelled by following this guide: Tunneling VNC over SSH with PuTTY. If you need assistance with configuring SSH to support your application, contact us for help.
To make localhost:1234 connect to somehost.physics.umn.edu on port 5510
$ ssh -L1234:somehost.physics.umn.edu:5510 firstname.lastname@example.org
The guide How to Tunnel VNC over SSH gives an example of using PuTTY to forward VNC over SSH.
Some applications do not behave properly when used behind a firewall. In this case a proxy can help. Please refer to the following list of workarounds:
Physics users may have trouble transferring data to or from some FTP servers, if those ftp servers are also behind a firewall. We provide an ftp proxy server to work around this problem. To use it:
hostnameis the remote site you want to connect to, and
usernameis the username at the remote site.
$ ftp ftp-proxy.spa.umn.edu Connected to dunnotar.spa.umn.edu. 220 FTP proxy (v0.13.5) ready Name (ftp-proxy.spa.umn.edu:root): email@example.com Password: 230 Login successful. ftp>
Some ftp servers may not behave gracefully with the basic
ftp command line tool. If that fails, you might try
ncftp which is an improved client. For example:
ncftp -u firstname.lastname@example.org ftp-proxy.spa.umn.edu
or for the non-anonymous version:
ncftp -u email@example.com -p mypassword ftp-proxy.spa.umn.edu
To connect to an ftp site using a web browser, you would use a URL like this:
for example to connect to the HST archive at stsci.edu: