[Systems Req #34125] Firewall configurations again
Ivan R. Judson
judson at mcs.anl.gov
Tue Sep 14 12:49:16 CDT 2004
Awesome, I did not know that.
--ivan
> -----Original Message-----
> From: Gene Rackow [mailto:rackow at mcs.anl.gov]
> Sent: Tuesday, September 14, 2004 12:33 PM
> To: judson at mcs.anl.gov
> Cc: 'Gene Rackow'; 'MCS Systems'; 'Michael E. Papka'; 'Rick
> Stevens'; ag-dev at mcs.anl.gov; rackow at mcs.anl.gov
> Subject: Re: [Systems Req #34125] Firewall configurations again
>
> The things you sent me late yesterday are in place.
> --Gene
> "Ivan R. Judson" made the following keystrokes:
> >
> >I'm getting significant stress from the SC Global Execs
> that we need to have >this infrastructure accessible or turn
> to something else.
> >
> >When can these modifications be put in place? I at least
> need to know that.
> >
> >Thanks,
> >
> >--Ivan
> >
> >> -----Original Message-----
> >> From: Ivan R. Judson [mailto:judson at mcs.anl.gov] >>
> Sent: Monday, September 13, 2004 10:21 PM >> To: 'Gene Rackow'
> >> Cc: 'MCS Systems'; 'Michael E. Papka'; 'Rick Stevens';
> >> 'ag-dev at mcs.anl.gov'
> >> Subject: RE: [Systems Req #34125] Firewall configurations
> again >> >> >> Hey Gene, >> >> Thanks for this list.
> There are things that can be cleaned >> up, here's a list of
> modifications, it's nicely a zero sum >> game for the number
> of conduits, but it let's us have >> everything we need for
> the time being accessbile. Some of >> these have a shorter
> timeframe, so I can send you updates >> when things can be
> closed down.
> >>
> >> If you need justification, please just let me know what
> it >> looks like so I can get it done as quickly as possible.
> >>
> >> ------Modifications-------
> >>
> >> hobbes.mcs.anl.gov:
> >>
> >> DROP:
> >>
> >> permit udp any host 140.221.9.35 eq 9000 permit udp any
> host >> 140.221.9.35 eq 9002 permit udp any host
> 140.221.9.35 eq 9004 >> permit udp any host 140.221.9.35 eq
> 9006 >> >> watts.mcs.anl.gov:
> >>
> >> DROP:
> >>
> >> permit tcp any host 140.221.34.7 eq 8004 permit tcp any
> host >> 140.221.34.7 eq 8006 >> >> ADD:
> >>
> >> # Development Venue Server (with Jabber) permit tcp any
> host >> 140.221.34.7 eq 9000 permit tcp any host
> 140.221.34.7 eq 9001 >> permit tcp any host 140.221.34.7 eq
> 9002 permit tcp any host >> 140.221.34.7 eq 9003 >> >> #
> Jabber Server >> permit tcp any host 140.221.34.7 eq 5269
> permit udp any host >> 140.221.34.7 eq 5222 permit udp any
> host 140.221.34.7 eq 5223 >> permit udp any host
> 140.221.34.7 eq 5269 >> >> hume.mcs.anl.gov:
> >>
> >> DROP:
> >>
> >> permit udp any host 140.221.9.8 eq 9000 permit udp any
> host >> 140.221.9.8 eq 9002 permit udp any host 140.221.9.8
> eq 9004 >> permit udp any host 140.221.9.8 eq 9006 >> >>
> nietzsche.mcs.anl.gov:
> >>
> >> ADD:
> >> permit tcp any host 140.221.11.44 eq 5500 permit tcp any
> host >> 140.221.11.44 eq 5600 >> >> >> And here's a list
> of what I think it should look like if >> those
> modifications are made:
> >>
> >> ------Final Configuration-------
> >>
> >> hobbes.mcs.anl.gov has address 140.221.9.35 >> >> # SC
> Global Venue Server, will retire after SC permit tcp any >>
> host 140.221.9.35 eq 9000 permit tcp any host 140.221.9.35 eq
> >> 9002 permit tcp any host 140.221.9.35 eq 9004 permit tcp
> any >> host 140.221.9.35 eq 9006 >> >> watts.mcs.anl.gov
> has address 140.221.34.7, with alias >> jabber.mcs.anl.gov
> >> >> # Institutional Venue Server >> permit tcp any host
> 140.221.34.7 eq 8000 permit tcp any host >> 140.221.34.7 eq
> 8001 permit tcp any host 140.221.34.7 eq 8002 >> permit tcp
> any host 140.221.34.7 eq 8003 >> >> # Development Venue
> Server (with Jabber) permit tcp any host >> 140.221.34.7 eq
> 9000 permit tcp any host 140.221.34.7 eq 9001 >> permit tcp
> any host 140.221.34.7 eq 9002 permit tcp any host >>
> 140.221.34.7 eq 9003 >> >> # Jabber Server >> permit tcp
> any host 140.221.34.7 eq 5222 permit tcp any host >>
> 140.221.34.7 eq 5223 permit tcp any host 140.221.34.7 eq 5269
> >> permit udp any host 140.221.34.7 eq 5222 permit udp any
> host >> 140.221.34.7 eq 5223 permit udp any host
> 140.221.34.7 eq 5269 >> >> hume.mcs.anl.gov has address
> 140.221.9.8, with alias vv2.mcs.anl.gov >> >> #
> Transitional Venue Server >> permit tcp any host 140.221.9.8
> eq 9000 permit tcp any host >> 140.221.9.8 eq 9002 permit
> tcp any host 140.221.9.8 eq 9004 >> permit tcp any host
> 140.221.9.8 eq 9006 >> >> ag-2.mcs.anl.gov has address
> 140.221.11.79 >> >> # Production AG2 Venue Server >>
> permit tcp any host 140.221.11.79 eq 8000 permit tcp any host
> >> 140.221.11.79 eq 8002 permit tcp any host 140.221.11.79
> eq >> 8004 permit tcp any host 140.221.11.79 eq 8006 >> >>
> spinoza.mcs.anl.gov has address 140.221.10.90 # Nothing
> configured >> >> ag-tech.mcs.anl.gov has address
> 140.221.9.160 >> >> # HTTP Clearly >> permit tcp any host
> 140.221.9.160 eq 80 >> >> # Proxy service for the MOO >>
> permit tcp any host 140.221.9.160 eq 9997 permit tcp any host
> >> 140.221.9.160 eq 9999 >> >> nietzsche.mcs.anl.gov has
> address 140.221.11.44, with alias >> voyager.mcs.anl.gov >>
> >> # Voyager 1 Server >> permit tcp any host 140.221.11.44
> eq 5500 permit tcp any host >> 140.221.11.44 eq 5600 >> >>
> How long will it take to get these modifications in place?
> >>
> >> --Ivan
> >> > -----Original Message-----
> >> > From: Gene Rackow [mailto:rackow at mcs.anl.gov] >> >
> Sent: Monday, September 13, 2004 5:01 PM >> > To:
> judson at mcs.anl.gov >> > Cc: 'Gene Rackow'; 'MCS Systems';
> 'Michael E. Papka'; 'Rick >> Stevens'; >> >
> rackow at mcs.anl.gov >> > Subject: Re: [Systems Req #34125]
> Firewall configurations again >> > >> > "Ivan R. Judson"
> made the following keystrokes:
> >> > >
> >> > >I forgot ag-tech.mcs.anl.gov.
> >> >
> >> > permit tcp any host 140.221.9.160 eq 80 permit tcp
> any host >> > 140.221.9.160 eq 9997 permit tcp any host
> 140.221.9.160 eq 9999 >> > >> > > >> > >Can you send
> those as well?
> >> > >
> >> > >Thanks,
> >> > >
> >> > >--Ivan
> >> > >
> >> >
> >> >
> >
>
>
More information about the ag-dev
mailing list