[Systems Req #34125] Firewall configurations again

Ivan R. Judson judson at mcs.anl.gov
Mon Sep 13 22:20:57 CDT 2004 

Hey Gene,

Thanks for this list. There are things that can be cleaned up, here's a list
of modifications, it's nicely a zero sum game for the number of conduits,
but it let's us have everything we need for the time being accessbile.  Some
of these have a shorter timeframe, so I can send you updates when things can
be closed down.

If you need justification, please just let me know what it looks like so I
can get it done as quickly as possible.

------Modifications-------

hobbes.mcs.anl.gov:

DROP:

permit udp any host 140.221.9.35 eq 9000  
permit udp any host 140.221.9.35 eq 9002  
permit udp any host 140.221.9.35 eq 9004  
permit udp any host 140.221.9.35 eq 9006

watts.mcs.anl.gov:

DROP:

permit tcp any host 140.221.34.7 eq 8004  
permit tcp any host 140.221.34.7 eq 8006  

ADD:

# Development Venue Server (with Jabber)
permit tcp any host 140.221.34.7 eq 9000
permit tcp any host 140.221.34.7 eq 9001
permit tcp any host 140.221.34.7 eq 9002
permit tcp any host 140.221.34.7 eq 9003

# Jabber Server
permit tcp any host 140.221.34.7 eq 5269
permit udp any host 140.221.34.7 eq 5222  
permit udp any host 140.221.34.7 eq 5223
permit udp any host 140.221.34.7 eq 5269

hume.mcs.anl.gov:

DROP:

permit udp any host 140.221.9.8 eq 9000  
permit udp any host 140.221.9.8 eq 9002  
permit udp any host 140.221.9.8 eq 9004  
permit udp any host 140.221.9.8 eq 9006  

nietzsche.mcs.anl.gov:

ADD:
permit tcp any host 140.221.11.44 eq 5500
permit tcp any host 140.221.11.44 eq 5600


And here's a list of what I think it should look like if those modifications
are made:

------Final Configuration-------

hobbes.mcs.anl.gov has address 140.221.9.35

# SC Global Venue Server, will retire after SC
permit tcp any host 140.221.9.35 eq 9000  
permit tcp any host 140.221.9.35 eq 9002  
permit tcp any host 140.221.9.35 eq 9004  
permit tcp any host 140.221.9.35 eq 9006  

watts.mcs.anl.gov has address 140.221.34.7, with alias jabber.mcs.anl.gov

# Institutional Venue Server
permit tcp any host 140.221.34.7 eq 8000  
permit tcp any host 140.221.34.7 eq 8001  
permit tcp any host 140.221.34.7 eq 8002  
permit tcp any host 140.221.34.7 eq 8003  

# Development Venue Server (with Jabber)
permit tcp any host 140.221.34.7 eq 9000
permit tcp any host 140.221.34.7 eq 9001
permit tcp any host 140.221.34.7 eq 9002
permit tcp any host 140.221.34.7 eq 9003

# Jabber Server
permit tcp any host 140.221.34.7 eq 5222 
permit tcp any host 140.221.34.7 eq 5223
permit tcp any host 140.221.34.7 eq 5269
permit udp any host 140.221.34.7 eq 5222  
permit udp any host 140.221.34.7 eq 5223
permit udp any host 140.221.34.7 eq 5269

hume.mcs.anl.gov has address 140.221.9.8, with alias vv2.mcs.anl.gov

# Transitional Venue Server
permit tcp any host 140.221.9.8 eq 9000  
permit tcp any host 140.221.9.8 eq 9002  
permit tcp any host 140.221.9.8 eq 9004  
permit tcp any host 140.221.9.8 eq 9006

ag-2.mcs.anl.gov has address 140.221.11.79  

# Production AG2 Venue Server
permit tcp any host 140.221.11.79 eq 8000  
permit tcp any host 140.221.11.79 eq 8002  
permit tcp any host 140.221.11.79 eq 8004  
permit tcp any host 140.221.11.79 eq 8006

spinoza.mcs.anl.gov has address 140.221.10.90
# Nothing configured

ag-tech.mcs.anl.gov has address 140.221.9.160

# HTTP Clearly
permit tcp any host 140.221.9.160 eq 80

# Proxy service for the MOO
permit tcp any host 140.221.9.160 eq 9997
permit tcp any host 140.221.9.160 eq 9999

nietzsche.mcs.anl.gov has address 140.221.11.44, with alias
voyager.mcs.anl.gov

# Voyager 1 Server
permit tcp any host 140.221.11.44 eq 5500
permit tcp any host 140.221.11.44 eq 5600 

How long will it take to get these modifications in place?

--Ivan
> -----Original Message-----
> From: Gene Rackow [mailto:rackow at mcs.anl.gov] 
> Sent: Monday, September 13, 2004 5:01 PM
> To: judson at mcs.anl.gov
> Cc: 'Gene Rackow'; 'MCS Systems'; 'Michael E. Papka'; 'Rick 
> Stevens'; rackow at mcs.anl.gov
> Subject: Re: [Systems Req #34125] Firewall configurations again 
> 
> "Ivan R. Judson" made the following keystrokes:
>  >
>  >I forgot ag-tech.mcs.anl.gov.
> 
>  permit tcp any host 140.221.9.160 eq 80  permit tcp any host 
> 140.221.9.160 eq 9997  permit tcp any host 140.221.9.160 eq 9999
> 
>  >
>  >Can you send those as well?
>  >
>  >Thanks,
>  >
>  >--Ivan
>  >
> 
>

More information about the ag-dev mailing list