[Systems Req #34125] Firewall configurations again

Ivan R. Judson judson at mcs.anl.gov
Tue Sep 14 12:30:32 CDT 2004


I'm getting significant stress from the SC Global Execs that we need to have
this infrastructure accessible or turn to something else.

When can these modifications be put in place? I at least need to know that.

Thanks,

--Ivan 

> -----Original Message-----
> From: Ivan R. Judson [mailto:judson at mcs.anl.gov] 
> Sent: Monday, September 13, 2004 10:21 PM
> To: 'Gene Rackow'
> Cc: 'MCS Systems'; 'Michael E. Papka'; 'Rick Stevens'; 
> 'ag-dev at mcs.anl.gov'
> Subject: RE: [Systems Req #34125] Firewall configurations again 
> 
> 
> Hey Gene,
> 
> Thanks for this list. There are things that can be cleaned 
> up, here's a list of modifications, it's nicely a zero sum 
> game for the number of conduits, but it lets us have 
> everything we need for the time being accessible.  Some of 
> these have a shorter timeframe, so I can send you updates 
> when things can be closed down.
> 
> If you need justification, please just let me know what it 
> looks like so I can get it done as quickly as possible.
> 
> ------Modifications-------
> 
> hobbes.mcs.anl.gov:
> 
> DROP:
> 
> permit udp any host 140.221.9.35 eq 9000
> permit udp any host 140.221.9.35 eq 9002
> permit udp any host 140.221.9.35 eq 9004
> permit udp any host 140.221.9.35 eq 9006
> 
> watts.mcs.anl.gov:
> 
> DROP:
> 
> permit tcp any host 140.221.34.7 eq 8004
> permit tcp any host 140.221.34.7 eq 8006
> 
> ADD:
> 
> # Development Venue Server (with Jabber)
> permit tcp any host 140.221.34.7 eq 9000
> permit tcp any host 140.221.34.7 eq 9001
> permit tcp any host 140.221.34.7 eq 9002
> permit tcp any host 140.221.34.7 eq 9003
> 
> # Jabber Server
> permit tcp any host 140.221.34.7 eq 5269
> permit udp any host 140.221.34.7 eq 5222
> permit udp any host 140.221.34.7 eq 5223
> permit udp any host 140.221.34.7 eq 5269
> 
> hume.mcs.anl.gov:
> 
> DROP:
> 
> permit udp any host 140.221.9.8 eq 9000
> permit udp any host 140.221.9.8 eq 9002
> permit udp any host 140.221.9.8 eq 9004
> permit udp any host 140.221.9.8 eq 9006
> 
> nietzsche.mcs.anl.gov:
> 
> ADD:
> permit tcp any host 140.221.11.44 eq 5500
> permit tcp any host 140.221.11.44 eq 5600
> 
> 
> And here's a list of what I think it should look like if 
> those modifications are made:
> 
> ------Final Configuration-------
> 
> hobbes.mcs.anl.gov has address 140.221.9.35
> 
> # SC Global Venue Server, will retire after SC
> permit tcp any host 140.221.9.35 eq 9000
> permit tcp any host 140.221.9.35 eq 9002
> permit tcp any host 140.221.9.35 eq 9004
> permit tcp any host 140.221.9.35 eq 9006
> 
> watts.mcs.anl.gov has address 140.221.34.7, with alias 
> jabber.mcs.anl.gov
> 
> # Institutional Venue Server
> permit tcp any host 140.221.34.7 eq 8000
> permit tcp any host 140.221.34.7 eq 8001
> permit tcp any host 140.221.34.7 eq 8002
> permit tcp any host 140.221.34.7 eq 8003
> 
> # Development Venue Server (with Jabber)
> permit tcp any host 140.221.34.7 eq 9000
> permit tcp any host 140.221.34.7 eq 9001
> permit tcp any host 140.221.34.7 eq 9002
> permit tcp any host 140.221.34.7 eq 9003
> 
> # Jabber Server
> permit tcp any host 140.221.34.7 eq 5222
> permit tcp any host 140.221.34.7 eq 5223
> permit tcp any host 140.221.34.7 eq 5269
> permit udp any host 140.221.34.7 eq 5222
> permit udp any host 140.221.34.7 eq 5223
> permit udp any host 140.221.34.7 eq 5269
> 
> hume.mcs.anl.gov has address 140.221.9.8, with alias vv2.mcs.anl.gov
> 
> # Transitional Venue Server
> permit tcp any host 140.221.9.8 eq 9000
> permit tcp any host 140.221.9.8 eq 9002
> permit tcp any host 140.221.9.8 eq 9004
> permit tcp any host 140.221.9.8 eq 9006
> 
> ag-2.mcs.anl.gov has address 140.221.11.79  
> 
> # Production AG2 Venue Server
> permit tcp any host 140.221.11.79 eq 8000
> permit tcp any host 140.221.11.79 eq 8002
> permit tcp any host 140.221.11.79 eq 8004
> permit tcp any host 140.221.11.79 eq 8006
> 
> spinoza.mcs.anl.gov has address 140.221.10.90
> 
> # Nothing configured
> 
> ag-tech.mcs.anl.gov has address 140.221.9.160
> 
> # HTTP Clearly
> permit tcp any host 140.221.9.160 eq 80
> 
> # Proxy service for the MOO
> permit tcp any host 140.221.9.160 eq 9997
> permit tcp any host 140.221.9.160 eq 9999
> 
> nietzsche.mcs.anl.gov has address 140.221.11.44, with alias 
> voyager.mcs.anl.gov
> 
> # Voyager 1 Server
> permit tcp any host 140.221.11.44 eq 5500
> permit tcp any host 140.221.11.44 eq 5600
> 
> How long will it take to get these modifications in place?
> 
> --Ivan
> > -----Original Message-----
> > From: Gene Rackow [mailto:rackow at mcs.anl.gov]
> > Sent: Monday, September 13, 2004 5:01 PM
> > To: judson at mcs.anl.gov
> > Cc: 'Gene Rackow'; 'MCS Systems'; 'Michael E. Papka'; 'Rick Stevens';
> > rackow at mcs.anl.gov
> > Subject: Re: [Systems Req #34125] Firewall configurations again
> > 
> > "Ivan R. Judson" made the following keystrokes:
> >  >
> >  >I forgot ag-tech.mcs.anl.gov.
> > 
> >  permit tcp any host 140.221.9.160 eq 80
> >  permit tcp any host 140.221.9.160 eq 9997
> >  permit tcp any host 140.221.9.160 eq 9999
> > 
> >  >
> >  >Can you send those as well?
> >  >
> >  >Thanks,
> >  >
> >  >--Ivan
> >  >
> > 
> > 
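An added example, not part of the original thread: a Python check that reconciles a DROP/ADD request like the one above with the final configuration it is meant to produce, using the watts.mcs.anl.gov rules from the message. The function names and result keys are assumptions made for this illustration.

```python
import re

# One conduit in the syntax used in the message. findall() also handles several
# rules run together on one line, which is how mail wrapping tends to leave them.
RULE = re.compile(r"permit\s+(tcp|udp)\s+any\s+host\s+(\d+(?:\.\d+){3})\s+eq\s+(\d+)")

def parse_rules(text):
    """Return the set of (proto, ip, port) conduits found in ACL text."""
    return {(proto, ip, int(port)) for proto, ip, port in RULE.findall(text)}

def audit(drop_text, add_text, final_text):
    """Reconcile a DROP/ADD request with the configuration it should produce."""
    drop, add, final = map(parse_rules, (drop_text, add_text, final_text))
    return {
        "net_change": len(add) - len(drop),
        "dropped_but_in_final": sorted(drop & final),
        "added_but_not_in_final": sorted(add - final),
        "both_dropped_and_added": sorted(drop & add),
        # Rules the request assumes are already on the firewall.
        "implied_baseline": sorted((final - add) | drop),
    }

# watts.mcs.anl.gov rules transcribed from the message above.
WATTS_DROP = "permit tcp any host 140.221.34.7 eq 8004 permit tcp any host 140.221.34.7 eq 8006"
WATTS_ADD = """
# Development Venue Server (with Jabber)
permit tcp any host 140.221.34.7 eq 9000 permit tcp any host 140.221.34.7 eq 9001
permit tcp any host 140.221.34.7 eq 9002 permit tcp any host 140.221.34.7 eq 9003
# Jabber Server
permit tcp any host 140.221.34.7 eq 5269 permit udp any host 140.221.34.7 eq 5222
permit udp any host 140.221.34.7 eq 5223 permit udp any host 140.221.34.7 eq 5269
"""
WATTS_FINAL = """
# Institutional Venue Server
permit tcp any host 140.221.34.7 eq 8000 permit tcp any host 140.221.34.7 eq 8001
permit tcp any host 140.221.34.7 eq 8002 permit tcp any host 140.221.34.7 eq 8003
# Development Venue Server (with Jabber)
permit tcp any host 140.221.34.7 eq 9000 permit tcp any host 140.221.34.7 eq 9001
permit tcp any host 140.221.34.7 eq 9002 permit tcp any host 140.221.34.7 eq 9003
# Jabber Server
permit tcp any host 140.221.34.7 eq 5222 permit tcp any host 140.221.34.7 eq 5223
permit tcp any host 140.221.34.7 eq 5269 permit udp any host 140.221.34.7 eq 5222
permit udp any host 140.221.34.7 eq 5223 permit udp any host 140.221.34.7 eq 5269
"""

if __name__ == "__main__":
    for key, value in audit(WATTS_DROP, WATTS_ADD, WATTS_FINAL).items():
        print(f"{key}: {value}")
```

The `implied_baseline` entry lists the conduits that must already be open for the request to yield the stated final configuration, which is what to compare against the firewall's running ACL before applying the change.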