From mjg59@srcf.ucam.org Mon Nov 8 13:43:19 2004
Subject: Re: [Computer-help] Re: JCN / JSCU Servers
From: Matthew Garrett
To: Damian Kramer
Cc: jcn-sysadmins@jesus.cam.ac.uk, jcsu-sysadmins@jesus.cam.ac.uk, computer-help@jesus.cam.ac.uk
Date: Mon, 08 Nov 2004 13:43:19 +0000
Message-Id: <1099921400.7867.20.camel@tyrosine>

On Fri, 2004-11-05 at 14:57 +0000, Damian Kramer wrote:
> Hi Matthew,
>
> Have you made any progress in identifying the appropriate ports? I'd like to
> get this done by the end of next week.

Hi Damian,

I believe that the Zeus and Poseidon data have already been sent to you -
here's the listing for Athena.

22/TCP - SSH
111/TCP - portmap (blocked at the CUDN border routers)
123/TCP - NTP
123/UDP - NTP
389/TCP - LDAP services, used to provide directory information about users
  (NIS is unusable for some purposes, since it requires portmap traffic and
  this is blocked at the CUDN boundary)
6667/TCP - IRC
51396/UDP - VPN service, since NFS is otherwise unencrypted
1->1024/TCP/UDP - NIS (it's a Sun RPC based service, so it binds to an unused
  port and the clients use portmap to negotiate the correct connection. If
  this is impractical, we can limit it to VPN traffic)
1->1024/TCP/UDP - rpc.statd (metadata server for NFS - same issues as NIS)
1->1024/TCP/UDP - rpc.nfsd (the actual NFS server - same issues as NIS)
1025->65535 (inclusive)/TCP - IRC file transfers work by binding to an unused
  unprivileged port. Most clients will work with a limited range if
  configured to do so, so a range of 20 or so ports would do (we can change
  the default configuration and let any affected users know)
7080/TCP - part of infrastructure for modifying webpages to make them more
  accessible to blind users

1025 1034 2056 2222 5556 6010 6011 32560 32561 32562 32563 32564 55556

These are all currently bound by user processes. I'll get in touch with the
users involved.

-- 
Matthew Garrett | mjg59@srcf.ucam.org
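
Added example (not part of the original email): because Sun RPC services such as NIS register whatever port they bound with portmap, the ports to list in a firewall request can be read from `rpcinfo -p` output on the server. The sketch below parses that output and reports registrations a given port range would miss; the sample output and all port numbers in it are constructed, not taken from the hosts discussed above.

```python
import re
from collections import defaultdict

# Constructed sample of `rpcinfo -p` output (not from the hosts in the email).
SAMPLE_RPCINFO = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp    834  ypserv
    100004    2   tcp    837  ypserv
    100024    1   udp    953  status
    100024    1   tcp    956  status
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
"""

ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(tcp|udp)\s+(\d+)(?:\s+(\S+))?\s*$")

def parse_rpcinfo(text):
    """Return {service: {(proto, port), ...}} from `rpcinfo -p` output."""
    services = defaultdict(set)
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:  # header or blank line
            continue
        program, _vers, proto, port, name = m.groups()
        # Programs without a service name are keyed by RPC program number.
        services[name or program].add((proto, int(port)))
    return dict(services)

def firewall_lines(services, skip=("portmapper",)):
    """One 'port/PROTO - service' line per registration, in the email's style."""
    rows = sorted((port, proto, name) for name, regs in services.items()
                  if name not in skip for proto, port in regs)
    return [f"{port}/{proto.upper()} - {name}" for port, proto, name in rows]

def outside_range(services, low, high):
    """Registrations that a low..high firewall rule would not cover."""
    return sorted((name, proto, port) for name, regs in services.items()
                  for proto, port in regs if not low <= port <= high)

if __name__ == "__main__":
    svc = parse_rpcinfo(SAMPLE_RPCINFO)
    print("\n".join(firewall_lines(svc)))
    print("not covered by 1-1024:", outside_range(svc, 1, 1024))
```

Dynamically bound ports can change when a service restarts, so the listing is only valid for the moment it was taken.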