Difference: Networks (6 vs. 7)

Revision 7 - 2011-07-06 - WilliamSeligman

Line: 1 to 1
 
META TOPICPARENT name="Computing"

Nevis Networks and Firewall Restrictions

Line: 52 to 52
 any of the systems on the private network.

Here's a more specific example. Consider two systems: kolya.nevis.columbia.edu

Changed:
<
<
with IP address 129.236.252.83, and student40.nevis.columbia.edu with IP address 10.44.40.40. The former system is
>
>
with IP address 129.236.252.83, and eeyore.nevis.columbia.edu with IP address 10.44.40.67. The former system is
 on the public network, the latter system is on the private network. A user logged into kolya can ssh to
Changed:
<
<
student40, and vice versa. A user at CERN can ssh to kolya, but not to student40; if there was a critical need to login to student40 from CERN, the user would have to login to kolya first, then login to student40 from there.
>
>
eeyore, and vice versa. A user at CERN can ssh to kolya, but not to eeyore; if there was a critical need to login to eeyore from CERN, the user would have to login to kolya first, then login to eeyore from there.
 (Note that because of automount,
Changed:
<
<
there's actually little need to login to student40 directly;
>
>
there's actually little need to login to eeyore directly;
 this example would be more relevant for systems that were not part of the Linux cluster.)

When systems on the private network access the outside world (e.g., if

Changed:
<
<
someone on student40 logs into CERN), to the remote systems the access
>
>
someone on eeyore logs into CERN), to the remote systems the access
 appears to come from address 129.236.255.57, the "outside" IP address of our firewall. This is called "IP masquerading" or "Network Adddress Translation." Outside users cannot login or otherwise access
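Review bot: The last context line of this hunk still reads "Network Adddress Translation"; since this revision rewrites the surrounding example, correct it to "Network Address Translation" in the same edit. The rename itself is applied to every student40 mention in the hunk, and the new address 10.44.40.67 sits in the same 10.44.40.x range as the old 10.44.40.40, so the public/private contrast with kolya is unchanged. Consider "log in" for the verb in "login to eeyore".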
Line: 74 to 74
  Examples of Nevis systems on the private network are:
  • the nodes on the Nevis condor batch farm;
Changed:
<
<
  • almost all the offices in the Nevis research building (including the student systems in room 118);
>
>
  • almost all the offices in the Nevis research building (including the student boxes);
 
  • the systems in the Nevis "carriage house" (shipping and receiving) and the machine shop.

The private network has a limitation: for a machine to be on the
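Review bot: In the second bullet, replacing "the student systems in room 118" with "the student boxes" drops the one detail that told readers which machines are meant, and "boxes" is informal enough to be misread. If the room number is no longer accurate, something like "the student workstations" would keep the bullet unambiguous about what sits on the private network.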

Line: 143 to 143
 The systems in the Annex are not part of the Nevis public network, so they cannot access the individual systems in the Nevis private network; e.g., you can't login from merlin.phys.columbia.edu
Changed:
<
<
to student40.nevis.columbia.edu, or use automount to access /a/data/student40.
>
>
to eeyore.nevis.columbia.edu, or use automount to access /a/data/eeyore.
 

Ping, Traceroute, and the Firewall
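Review bot: The changed sentence tells Annex users that neither login to eeyore.nevis.columbia.edu nor automount of /a/data/eeyore works from merlin.phys.columbia.edu, but gives no route that does work. If the hop through a public-network host described in the line 52 hunk (log in to kolya, then to eeyore) also applies from the Annex, say so here or point to that example; if it does not, state that instead.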

 