Difference: Networks (8 vs. 9)

Revision 92014-09-25 - WilliamSeligman

Line: 1 to 1
 
META TOPICPARENT name="Computing"

Nevis Networks and Firewall Restrictions

Line: 25 to 25
 CUIT has permitted Nevis to completely administer this network. This means we operate our own firewall to control access to the public network, and our own DNS
Changed:
<
<
servers to assign IP names to individual system (e.g., 129.236.252.8
>
>
servers to assign IP names to individual systems (e.g., 129.236.252.8
 has the name franklin.nevis.columbia.edu).

Access to systems on the Nevis network by the rest of the Internet (the "outside") is restricted to some extent by our firewall policy; e.g., we only permit access via ssh to certain systems, notably those on the Linux cluster. However, it is best to be cautious when formulating a network security policy, so you should assume the following:

Line: 67 to 67
  When systems on the private network access the outside world (e.g., if someone on eeyore logs into CERN), to the remote systems the access
Changed:
<
<
appears to come from address 129.236.255.57, the "outside" IP address
>
>
appears to come from address 129.236.255.60, the "outside" IP address
 of our firewall. This is called "IP masquerading" or "Network Adddress Translation." Outside users cannot login or otherwise access this dummy address; such attempts are blocked by the firewall.

Examples of Nevis systems on the private network are:

  • the nodes on the Nevis condor batch farm;
Changed:
<
<
  • almost all the offices in the Nevis research building (including the student boxes);
  • the systems in the Nevis "carriage house" (shipping and receiving) and the machine shop.
>
>
  • almost all the offices in the Nevis research and electronics buildings (including the student boxes);
  • the systems in the machine shop.
  The private network has a limitation: for a machine to be on the private network, it must be connected to a switch that is set up using
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback