Depending on source and target of network traffic different firewalls need to be passed. This document is meant to help with understanding where which firewall is relevant. There are basically four variants how network traffic can be limited.
A workstation in the student pools is configured quite openly where outbound traffic is concerned. If you want to use VMs/Containers with your own network config please read the relevant documentation on which networks to use.
Inbound traffic on the other hand is limited to the MWN. Should you have a short-term need for externaly initiated connections you could use for example a ssh tunnel through our remote machines. The LRZ VPN can help here too.
Outbound only Port 631(Cups/Printer) is blocked.
This service is only reachable from inside the MWN.
This service is only reachable from inside the MWN but is allowed to create outbound connections without restrictions.
On Eduroam you get a private IPv4 address routed in the MWN and a globally routed IPv6 address.
The network traffic with the global IPv6 address has the normal LRZ imposed restrictions to the rest of the internet.
The network traffic with the private IPv4 address has the limitations of variant 4. The traffic is freely routed inside of the MWN and passes to the outside through the LRZ Secomat/NAT-Gateway. Portforwarding is not intended.
Please inform yourselves here concerning network traffic limitations. In addition to the network firewall a cyber nanny is also active on this network.
Bayern WiFi only uses private IPv4 addresses. Therefore the limitations of variant 4 apply.
You can choose one of three firewall configurations for your device upon authentication.
Port 111(sunrpc), 2049(NFS), 25(smtp) are blocked.
Please see the CIP Wifi headpoint for this.
This is analogous to the Eduraom headpoint.
The LRZ offers a VPN service which treats your device analogously to Eduroam.