The virtual machine infrastructure's network sits behind Cisco routers whose ACLs deny most incoming connections by default. Any virtual machine that needs to accept incoming connections therefore needs an ACL request filed to open the required ports.
Please note: Default ACLs are already in place on the hosting network to allow connections from UFAD's servers, the UF security scanners, and also to the UF name servers.
ACLs can be scoped per port, per host, per network range, or any combination of these. They can also be restricted by protocol: TCP, UDP, both, or ICMP.
Since the hosting network is registered to the Open Systems Group, we need to be involved in ACL requests for machines in the virtual hosting infrastructure. Send a note to cns-hosting-request-l@lists.ufl.edu and we will get the ACL request filed with Net Services.
Some typical ACL requests might be:
Open ports 80 and 443 (TCP) on virtual-apache-server.somebody.ufl.edu to all IP addresses.
Open incoming connections to port 22 (TCP) on virtual-apache-server.somebody.ufl.edu from all hosts on campus.
Allow all incoming connections to virtual-apache-server.somebody.ufl.edu from all hosts on network 10.241.33.0/24.
Allow incoming connections to ports 135-139 (TCP), port 135 (UDP), and port 445 (TCP) on hosts in the ranges 10.241.33.0/24 and 128.227.156.0/24.
Allow all TCP and UDP connections to virtual hosts 10.241.33.200-225 from all hosts on network 128.227.0.240/27.
Permit ICMP traffic to virtual-apache-server.somebody.ufl.edu from host 128.227.0.240.
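To make the request forms above concrete, here is an added example (it is not from this page, and it is not how Net Services writes the production ACLs, which may differ): a small Python script that models each request as a rule, renders the rules in standard Cisco IOS extended-ACL syntax, and checks whether a given inbound packet would be permitted under the router's implicit deny. The addresses 10.241.33.10 (standing in for virtual-apache-server.somebody.ufl.edu) and 128.227.0.0/16 (standing in for "all hosts on campus") are assumptions made for the example; the 135-139/445 request is left out because its direction is ambiguous as written.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """One permit entry as a request describes it: protocol, source, destination, ports."""
    proto: str                      # "tcp", "udp", "icmp", or "ip" for any protocol
    src: str                        # "any", a host address, or a CIDR
    dst: str                        # a host address, a CIDR, or "a.b.c.d-e" (last-octet range)
    ports: Optional[tuple] = None   # inclusive destination port range; None = all ports


def networks(spec):
    """Expand 'any', a host, a CIDR, or a first-last range into the CIDR blocks a router needs."""
    if spec == "any":
        return [ipaddress.ip_network("0.0.0.0/0")]
    if "-" in spec:
        first, last = spec.split("-")
        if "." not in last:         # shorthand like 10.241.33.200-225
            last = first.rsplit(".", 1)[0] + "." + last
        return list(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    # strict=False normalizes an address that is not on the block boundary
    # (128.227.0.240/27 becomes 128.227.0.224/27); a real request should say which was meant.
    return [ipaddress.ip_network(spec, strict=False)]


def ios_addr(net):
    """Cisco IOS address syntax: 'any', 'host x', or 'network wildcard-mask'."""
    if net.prefixlen == 0:
        return "any"
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"   # hostmask is the inverted (wildcard) mask


def ios_ports(ports):
    if ports is None:
        return ""
    lo, hi = ports
    return f" eq {lo}" if lo == hi else f" range {lo} {hi}"


def render(rules, name="VM-IN"):
    """Render rules as an IOS extended ACL; the router adds an implicit 'deny ip any any' at the end."""
    lines = [f"ip access-list extended {name}"]
    for r in rules:
        for s in networks(r.src):
            for d in networks(r.dst):
                lines.append(f" permit {r.proto} {ios_addr(s)} {ios_addr(d)}{ios_ports(r.ports)}")
    return lines


def permitted(rules, proto, src, dst, dport=None):
    """First-match evaluation of an inbound packet, with the implicit deny if nothing matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r.proto not in ("ip", proto):
            continue
        if not any(s in n for n in networks(r.src)):
            continue
        if not any(d in n for n in networks(r.dst)):
            continue
        if r.ports is not None and (dport is None or not r.ports[0] <= dport <= r.ports[1]):
            continue
        return True
    return False


# Assumed addresses (not from the page): a stand-in for virtual-apache-server.somebody.ufl.edu
# and a stand-in for "all hosts on campus".
APACHE = "10.241.33.10"
CAMPUS = "128.227.0.0/16"

# The sample requests from the page, expressed as rules.
EXAMPLE_RULES = [
    Rule("tcp", "any", APACHE, (80, 80)),                  # ports 80 and 443 from all addresses
    Rule("tcp", "any", APACHE, (443, 443)),
    Rule("tcp", CAMPUS, APACHE, (22, 22)),                 # ssh from campus only
    Rule("ip", "10.241.33.0/24", APACHE),                  # everything from the hosting /24
    Rule("tcp", "128.227.0.240/27", "10.241.33.200-225"),  # tcp and udp to a host range
    Rule("udp", "128.227.0.240/27", "10.241.33.200-225"),
    Rule("icmp", "128.227.0.240", APACHE),                 # icmp from a single host
]

if __name__ == "__main__":
    print("\n".join(render(EXAMPLE_RULES)))
    print("ssh from off campus permitted:", permitted(EXAMPLE_RULES, "tcp", "203.0.113.5", APACHE, 22))
```

Two things worth checking before filing a request fall out of running this: a range such as 10.241.33.200-225 is not a single CIDR block and becomes three entries (/29, /28, /31), and 128.227.0.240/27 does not start on a /27 boundary, so the script normalizes it to 128.227.0.224/27; state the intended range explicitly so nobody has to guess. Note also that an ICMP request with no type, as in the last example, permits every ICMP type, not just echo.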