|
Size: 970
Comment:
|
Size: 2309
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 5: | Line 5: |
| * NAT Router has been configured (by Larry@LIGO GC) through the GUI interface, which is only available from the martian network. To launch the GUI interface, simply access to the martian IP of the router with a web browser. You can find the user name and password at the usual secret place. | * NAT Router has been configured (by Larry@LIGO GC) through the GUI interface, which is only available from the martian network. To launch the GUI interface, simply access to the martian IP of the router (192.168.113.2) with a web browser. --(You can find the user name and password at the usual secret place.)-- User Name: 40Mubnt Password: ll@cit_admin_ubnt |
| Line 7: | Line 7: |
| {{attachment:Screen Shot.png|| width=1000}} | {{attachment:EdgeRouterNATSettings_2021-09-29_14-46-22.png|| width=1000}} |
| Line 15: | Line 15: |
| * 22220 (ssh) - port forwarded to port 22 on c1teststand for direct ssh access. | |
| Line 17: | Line 18: |
| * To log into c1teststand from outside internet (usual martian workstation passwords): {{{ssh controls@nodus.ligo.caltech.edu -p 22220}}} * To log into nodus from outside internet (you know the password if you are supposed to know it): {{{ssh controls@nodus.ligo.caltech.edu}}} ---- = NAT Router Firewall configuration = As of Aug 15, 2023 Policy: * Block any access to the NAT router from outside of the firewall * Block particular IP (banned IPs) to get through the martian firewall * Path outgoing packets through the firewall, except for the ones towards the banned IPs. 1. Firewall screen The firewall setting should look like this. {{attachment:FW.png}} FW.png 1. aaa {{attachment:FW_IP_GROUP.png}} {{attachment:FW_LAN1.png}} {{attachment:FW_LAN2.png}} {{attachment:FW_LAN3.png}} {{attachment:FW_LAN4.png}} {{attachment:FW_WAN_IN1.png}} {{attachment:FW_WAN_OUT1.png}} {{attachment:FW_WAN_OUT2.png}} {{attachment:FW_WAN_OUT3.png}} {{attachment:FW_WAN_OUT4.png}} {{attachment:FW_WAN_OUT5.png}} {{attachment:FW_WAN_OUT6.png}} {{attachment:FW_WAN_OUT7.png}} {{attachment:FW_WAN_OUT8.png}} |
NAT Router configuration
NAT Router is Ubiquiti Networks "Edge Router 4"
NAT Router has been configured (by Larry@LIGO GC) through the GUI interface, which is only available from the martian network. To launch the GUI interface, simply access to the martian IP of the router (192.168.113.2) with a web browser. You can find the user name and password at the usual secret place. User Name: 40Mubnt Password: ll@cit_admin_ubnt
Open ports:
- 22 (ssh) - port forwarded to nodus
- 873 (rsync) - port forwarded to nodus
- 8080/8081 (elogd) - port forwarded to nodus
- 30889 (apache) - port forwarded to nodus
- 31200 (NDS) - port forwarded to megatron
- 22220 (ssh) - port forwarded to port 22 on c1teststand for direct ssh access.
Along with the NAT router installation, firewall rule of the shorewall on nodus was turned off as it is no longer necessary. We still neet to keep shorewall itself running to open the specified ports. The WAN (GC net) side cable of nodus was removed. NodusShorewallSetting
- To log into c1teststand from outside internet (usual martian workstation passwords):
ssh controls@nodus.ligo.caltech.edu -p 22220
- To log into nodus from outside internet (you know the password if you are supposed to know it):
ssh controls@nodus.ligo.caltech.edu
NAT Router Firewall configuration
As of Aug 15, 2023
Policy:
- Block any access to the NAT router from outside of the firewall
- Block particular IP (banned IPs) to get through the martian firewall
- Path outgoing packets through the firewall, except for the ones towards the banned IPs.
- Firewall screen The firewall setting should look like this.
FW.png - aaa
