Task #3011

Story #3010: Create a VPN between the production CNs

Firewall change: ORC (7613 and 7623)

Added by Andrew Pippin over 12 years ago. Updated about 12 years ago.

Status: Closed
Priority: Normal
Assignee: Chris Brumgard
Category: Support Operations
Target version: -
Start date: 2012-06-22
Due date:
% Done: 100%
Milestone: CCI-1.0.3
Product Version: *
Story Points:
Sprint:

Description

Allow UCSB and UNM machines to communicate with ORNL via ports 7613 and 7623.

+Development+ cn-dev-3.dataone.org
* Connect from cn-dev.dataone.org on port 7613
** @sudo ufw allow to 160.36.13.153 port 7613 from 128.111.36.71@
* Connect from cn-dev-2.dataone.org on port 7623
** @sudo ufw allow to 160.36.13.153 port 7623 from 129.24.0.48@

+Sandbox+ cn-sandbox-orc-1.dataone.org
* Connect from cn-sandbox-ucsb-1.dataone.org on port 7613
** @sudo ufw allow to 160.36.13.152 port 7613 from 128.111.36.77@
* Connect from cn-sandbox-unm-1.dataone.org on port 7623
** @sudo ufw allow to 160.36.13.152 port 7623 from 64.106.40.7@

+Production+ cn-orc-1.dataone.org
* Connect from cn-ucsb-1.dataone.org on port 7613
** @sudo ufw allow to 160.36.13.150 port 7613 from 128.111.36.80@
* Connect from cn-unm-1.dataone.org on port 7623
** @sudo ufw allow to 160.36.13.150 port 7623 from 64.106.40.6@
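
Each rule in the description pins one port to a single source address. The following is an added example, not part of the original ticket, that checks `ufw status` text against those per-port peers and reports any watched port that is also allowed from another source. The function names `audit_ufw` and `sample_status`, the `port=peer` argument form and the sample status text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare `ufw status` text with the per-port peers in the
# ticket description. audit_ufw and its port=peer arguments are hypothetical.
# Prints "OPEN <port> <from>" for an ALLOW rule on a watched port from any
# other source, "MISSING <port> <peer>" when the pinned rule is absent, and
# returns 1 if it printed anything.
audit_ufw() {
  awk -v spec="$*" '
    BEGIN {
      n = split(spec, pairs, " ")
      for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); want[kv[1]] = kv[2] }
    }
    {
      act = 0
      for (i = 1; i <= NF; i++) if ($i == "ALLOW") { act = i; break }
      if (act < 2) next                      # header, blank or non-ALLOW line
      p = act - 1                            # last field of the "To" column
      if ($p == "(v6)") p--                  # IPv6 twin of a rule
      port = $p; sub(/\/.*/, "", port)       # drop "/tcp" or "/udp"
      if (!(port in want)) next
      from = $(act + 1)
      if (from == "IN") from = $(act + 2)    # "ALLOW IN" in verbose output
      if (from == want[port]) seen[port] = 1
      else { print "OPEN " port " " from; bad = 1 }
    }
    END {
      for (port in want) if (!seen[port]) { print "MISSING " port " " want[port]; bad = 1 }
      exit bad + 0
    }'
}

# Constructed sample in the layout of `ufw status` (not output from the hosts
# in this ticket): 7613 is pinned to its peer, 7623 is open to any source.
sample_status() {
  cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
160.36.13.150 7613         ALLOW       128.111.36.80
7623                       ALLOW       Anywhere
7623 (v6)                  ALLOW       Anywhere (v6)
22/tcp                     ALLOW       Anywhere
EOF
}

# Production peers from the description: UCSB on 7613, UNM on 7623.
sample_status | audit_ufw 7613=128.111.36.80 7623=64.106.40.6 || echo "review needed"
```

On a host, pipe the real output in place of the sample: `sudo ufw status | audit_ufw 7613=<peer> 7623=<peer>`.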


Related issues

Related to Infrastructure - Task #3012: Firewall change: UCSB (7621 and 7631) Closed 2012-06-22
Related to Infrastructure - Task #3013: Firewall change: UNM (7612 and 7632) Closed 2012-06-22

History

#1 Updated by Dave Vieglais over 12 years ago

  • Target version set to Sprint-2012.25-Block.4.1
  • Assignee set to Chris Brumgard

This rule will be similar to the existing rules for ports 5701-5705 as far as the network endpoints are concerned.

Once this VPN is in place and confirmed operational, we do plan to close off most of the currently open ports, but a separate request will be issued for that.

#2 Updated by Andrew Pippin over 12 years ago

  • Milestone changed from CCI-1.0.0 to CCI-1.0.3

Moving to version 1.0.3.

#3 Updated by Chris Brumgard over 12 years ago

I don't have any control over the ORNL ports nor am I administrating any machines at the ORNL location.

#4 Updated by Dave Vieglais over 12 years ago

This is actually for the ORC machines. The institutional firewall will need to have these ports open so that we can create a VPN between the locations hosting DataONE hardware. Once the VPN is in place, then we'll be able to close off most of the other open ports.

#5 Updated by Andrew Pippin over 12 years ago

  • Subject changed from Firewall change: ORNL (7621 and 7631) to Firewall change: ORC (7613 and 7623)

Changing configuration. ORC is now considered to be node 3.

#6 Updated by Andrew Pippin over 12 years ago

Tested to cn-orc-1.dataone.org, but the port is being blocked. Chris will submit a ticket to OIT at University of Tennessee.

#7 Updated by Chris Brumgard over 12 years ago

Tickets for the required firewall changes have been submitted. Awaiting action by OIT at UT.

#8 Updated by Chris Brumgard over 12 years ago

Ports are now open from anywhere. Will restrict source IPs once VPN details are finalized.

#9 Updated by Chris Brumgard over 12 years ago

  • % Done changed from 0 to 100

#10 Updated by Andrew Pippin over 12 years ago

Updated description.

#11 Updated by Dave Vieglais over 12 years ago

  • Status changed from New to Closed

Rules in place but may need to be revoked depending on final VPN solution.

#12 Updated by Dave Vieglais about 12 years ago

  • Target version deleted (Sprint-2012.39-Block.5.4)
