-
Notifications
You must be signed in to change notification settings - Fork 47
ports_management
In this section we list all the ports that the mini-Internet uses for various purposes.
More generally, we recommend to use a firewall such as ufw
and close all ports but the one
used by SSH and the ones used for the mini-Internet.
Here is short summary of what you have to do.
Open the following ports:
2000+: for the SSH port forwarding.
10000+: for the VPN servers.
443: for the web server access with HTTPS.
80: for the web server access with HTTP.
3000: for the krill webserver.
Close the following ports:
3080: used to access the krill webserver locally with HTTP.
8080: used to access the main webserver locally with HTTP.
all the other unecessary ports.
Students access their devices from a proxy container that is accessible via SSH. SSH port forwarding must be used within the server hosting the mini-Internet to tunnel ssh connections for a particular port to the proxy container of one particular group. A port number is thus assigned to every group.
By default, we adopt the following scheme for the mapping port to group number: 2000+group_number
.
These ports must be open. The script utils/ssh/port_forwarding.sh
, that is used to make the SSH tunnels
also opens these ports using ufw
.
Students can also access the mini-Internet using VPN servers that are running within the mini-Internet. To do that, one port per VPN server must be opened.
You can find the ports of the VPN servers by looking at their configuration file, which is
available in the groups
directory. For instance, for group X and the VPN server Y, the port
is indicated in the file groups/gX/vpn/vpn_Y/server.conf
.
Basically, the scheme that we follow to allocate the ports for the VPN servers is the following:
we start at port 10000 and iterate over all the groups and VPN servers. We just increment by one the port number at every iteration.
When the mini-Internet starts, it runs two webservers: the main one and one for krill.
However, we use a proxy container to access these two servers from outside.
The proxy listens on ports 443
(resp. 80
) for HTTPS (resp.) HTTP) connections, that it then forwards to the main webserver using port 8080
and HTTP.
The proxy also listens on port 3000
for HTTPS connections that it then forwards to the krill webserver using port 3080
and HTTP.
-
Configure the mini-Internet
-
Operate the mini-Internet
-
Use the mini-Internet
-
Built-in services
-
Additional tools and features