Generel[scope_network_1]

The data centers of the universities of Mannheim, Ulm, Karlsruhe and Freiburg are blocking some ports in their respective own networks for security reasons. The bwCloud region is also affected by this, as the bwCloud hardware is connected to the central network infrastructure.

The public IP ranges of the bwCloud regions are from the BelWü address range. This address is logically located outside the respective network areas of the hosting universities (= locations of the bwCloud). They are treated as external addresses from the perspective of the respective firewalls of the institutions.

⇈ Hoch

Consequences of the packet firewall for users[scope_network_2]

The most important effect for users is that the data network runs more reliably and securely. Hacker attacks are largely blocked at the packet firewall and no longer reach the campus and end systems. The importance of this protection can be seen from the fact that attack attempts now occur almost daily.

However, there are also a number of restrictions that need to be considered: If services other than those listed above, which are generally enabled, are to be accessible from outside, this must be reported to the university IT department. The corresponding service will then be activated on the packet firewall.

It can also happen that connections to certain services supposedly established from the instance do not work. This is always the case if the external server wants to establish a connection back to the instance to provide the service, which is often not easy for the user to verify.

bwCloud Mannheim: Open and closed ports

To ensure a certain basic protection in the network of the University of Mannheim, certain applications have been blocked at the borders of the university network to BelWü since October 1999. However, this is not intended to be a central firewall for the university, but rather to filter out the worst nonsense at the external borders of the University of Mannheim according to the "onion-skin principle".

In the range - (wellknown ports) the following ports are open in server networks:

Transport Port Protocol Description Blocking
TCP (open) 22 ssh SSH-Server in/ outbound
TCP (open) 80 http Web-Server in/ outbound
UDP,TCP (open) 443 https Web-Server over SSL in/ outbound
TCP (open) 465 smtps SMTP over SSL in/ outbound
TCP (open) 587 submission Message Submission in/ outbound
TCP (open) 990 FTPs ftp protocol, control, over TLS/SSL in/ outbound
TCP (open) 993 IMAPs IMAP Mail over SSL in/ outbound
TCP (open) 995 POPs POP Mail over SSL in/ outbound

The following ports are blocked in the range above 1023:

Transport Port Protocol Description Blocking
TCP 1433,1434 MS-SQL MS-Office inbound
TCP 1501 TSM Backup inbound
TCP 1900 SSDP Service Discovery inbound
UDP,TCP 2049 NFS Filesystem inbound
TCP 2967 Symantec Symantec inbound
UDP 3283 Apple Apple Remote Desktop inbound
TCP 3306 mysql mysql inbound
UDP,TCP 3389 RDP Remote Desktop inbound
UDP 3702 Printer WS-Discovery inbound
UDP,TCP 4045 lockd Filesystem inbound
TCP 4369 EPMD PortMapper inbound
TCP 5000 UPnP Universal Plug and Play inbound
UDP 5353 mdns Multicast DNS inbound
TCP 5432 PostgreSQL PostgreSQL inbound
TCP 5985 WinRM WinRM inbound
TCP 8333 Bitcoin Bitcoin Full Bode inbound
TCP 8080 www-alt Alternativer www Port inbound
TCP 9075 nx-os Cisco Nexus inbound
UDP 11211 memcached inbound
TCP 27017 MongoDB MongoDB inbound
UDP 32100 IoT IoT outbound
UDP 32414 open-SSDP Plex Media Servers inbound

bwCloud Karlsruhe: Closed ports

The following ports are blocked in the network range in Karlsruhe

Transport Port Protocol Description Blocking
UDP, TCP 111 RPC-Portmapper Portmapper Security inbound/outbound

⇈ Hoch

Network range[scope_network_3]

bwCloud Freiburg

Please inform yourself about the operating concept of bwCloud Region Freiburg. In the following table, the designations refer to the bwCloud versions described in the operating concept. The separation of the networks between the bwCloud versions cannot be removed.

Name Network Subnet Mask
public 192.52.32.0/21 255.255.248.0
(inactive) public 192.52.40.0/21 255.255.248.0
(experimental) public 192.52.40.0/21 255.255.248.0

⇈ Hoch

Privacy statement   |   Impressum   |   Site built with Simple Responsive Template   |   Modified:3.6.2024before midday byAS