School of Physics and Astronomy Wiki

computing:network:firewall_and_proxies

Differences

This shows you the differences between two versions of the page.

computing:network:firewall_and_proxies [2009/11/15 17:13] allancomputing:network:firewall_and_proxies [2022/05/27 15:42] (current) – [External connections] cse-sull0153
Line 1: Line 1:
-====== Tate Lab firewall and proxies ======+====== Physics firewall and proxies ======
 Physics runs a firewall configuration which blocks all unwanted incoming connections from both the university and the internet in general, and also controls traffic between the internal subnets. Physics runs a firewall configuration which blocks all unwanted incoming connections from both the university and the internet in general, and also controls traffic between the internal subnets.
  
-It is possible to set firewall exceptions for specific hosts in some circumstancesthough we require a strong business case to do so.+It is possible to set firewall exceptions for specific systemswhere research needs require it. If you have such need, talk to us about it, and we'll help figure out a solution.
  
 ===== External connections ===== ===== External connections =====
  
-  * Port 22/tcp (ssh) is the only port which is open to all internal hosts from everywhere on the internet.+  * Port 22/tcp (ssh) is the only port which is open to all static internal hosts from University of Minnesota VPN and campus networks. ssh is //not// open to dynamic ip addresses. 
 +  * spa-ssh-01.spa.umn.edu is the only host that is open to the world and DUO login is required unless an SSH key is used.
  
 ===== Internal connections ===== ===== Internal connections =====
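Review bot: The new External connections bullets use "static internal hosts" and "dynamic ip addresses" without saying how a user can tell which kind their machine is, so a reader cannot work out whether port 22 reaches their system. A short definition or a pointer to where the address type is assigned would fix that. The second bullet should also state outright that anyone off campus and off the VPN has to connect through spa-ssh-01.spa.umn.edu, since the first bullet no longer covers them. "DUO login is required unless an SSH key is used" means key authentication skips the second factor on the one world-reachable host, so it is worth saying whether keys are expected to carry a passphrase.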
Line 19: Line 20:
 ===== SSH Tunnelling ===== ===== SSH Tunnelling =====
 If you need to connect to a system inside Tate Lab from outside, most simple applications can be tunnelled using [[:computing:software:ssh|ssh]]. If you need to connect to a system inside Tate Lab from outside, most simple applications can be tunnelled using [[:computing:software:ssh|ssh]].
-For example, VNC (a remote desktop application) can be tunnelled by following this guide: [[http://martybugs.net/smoothwall/puttyvnc.cgi|Tunneling VNC over SSH with PuTTY]].  If you need assistance with configuring SSH to support your application, contact us for help.+For example, VNC (a remote desktop application) can be tunnelled by following this guide: [[http://home.highertech.net/~john/Putty-Tunnel/putty-tunnel.html|Tunneling VNC over SSH with PuTTY]].  If you need assistance with configuring SSH to support your application, contact us for help.
  
 ==== SSH Tunnelling Examples ==== ==== SSH Tunnelling Examples ====
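Review bot: The unchanged sentence "If you need to connect to a system inside Tate Lab from outside" still names Tate Lab although this revision retitles the page to "Physics firewall and proxies"; it should be updated to match. The replacement guide link here (home.highertech.net) is also a different guide from the one substituted in the Windows section (helpdeskgeek.com) for the same PuTTY and VNC task, and both are plain http links to third-party sites. Pointing both places at one guide, or at the wiki's own ssh page, would leave a single link to keep current.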
Line 26: Line 27:
  
 <xterm> <xterm>
-ssh -L1234:somehost.physics.umn.edu:5510 myusername@physics.umn.edu +ssh -L1234:somehost.physics.umn.edu:5510 myusername@physics.umn.edu 
 </xterm> </xterm>
 === Windows === === Windows ===
-The guide [[http://martybugs.net/smoothwall/puttyvnc.cgi|Tunneling VNC over SSH with PuTTY]] gives an example of using PuTTY to forward VNC over SSH.+The guide [[http://helpdeskgeek.com/how-to/tunnel-vnc-over-ssh/|How to Tunnel VNC over SSH]] gives an example of using PuTTY to forward VNC over SSH.
  
 ===== Proxies ===== ===== Proxies =====
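Review bot: The example command still connects to myusername@physics.umn.edu, but the revised External connections section says spa-ssh-01.spa.umn.edu is the only host open to the world. Either the example should use that host as the tunnel endpoint, or the text should say the command only works from the University VPN or campus networks. The removed and added ssh lines look identical apart from whitespace, so the example itself was not revisited in this revision.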
Line 50: Line 51:
 ftp> ftp>
 </xterm> </xterm>
 +
 +Some ftp servers may not behave gracefully with the basic ''ftp'' command line tool. If that fails, you might try ''ncftp'' which is an improved client. For example:
 +  ncftp -u anonymous@archive.stsci.edu ftp-proxy.spa.umn.edu
 +or for the non-anonymous version:
 +  ncftp -u myusername@archive.stsci.edu -p mypassword ftp-proxy.spa.umn.edu
  
 To connect to an ftp site using a web browser, you would use a URL like this: To connect to an ftp site using a web browser, you would use a URL like this:
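Review bot: The non-anonymous example "ncftp -u myusername@archive.stsci.edu -p mypassword ftp-proxy.spa.umn.edu" puts the password on the command line, where it is saved in shell history and visible to other users of the machine in the process list. Suggest dropping "-p mypassword" from the example so that ncftp prompts for the password instead, and adding a sentence noting that ftp sends credentials unencrypted.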
computing/network/firewall_and_proxies.1258326814.txt.gz · Last modified: 2009/11/15 17:13 by allan