• What is a firewall? And do I need one?
• How do I configure my firewall?
• What ports is EECS blocking?
• How do I have a port opened for my machine at the department border?
• I can’t send e-mail through the department servers from home. Is the department blocking this?
• Why can’t I access a Windows share from outside of the EECS network?

What is a firewall? And do I need one?

A firewall is a gateway or barrier set up to protect a computer or private network from outside networks. Firewalls may either be software, hardware or a combination of both. They are used to control which network connections can cross the firewall. Most firewalls allow the administrator to configure which connections are allowed and which are blocked via rules based on the connecting port, IP address, specific system and/or software involved. A properly configured firewall should prevent unauthorized connections from other machines on the Internet.

According to the “Minimum Standards for Security of Berkeley Campus Networked Devices”, firewall software that is listed for a particular device’s OS at https://software.berkeley.edu must be running on that device.

How do I configure my firewall?

Information on configuring your host-based firewall to be compliant with campus standards may be found here:  https://security.berkeley.edu/minimum-security-standards-networked-devices-mssnd#three.

Which ports is EECS blocking?

This information has been moved to the EECS Firewall Blocked Ports page.

How do I have a port opened for my machine at the department border?

Exceptions to the department’s firewall can be made for ports 21, 23, 25, 80 and 443. Requests for exceptions may be made for machines with fixed IPs by filling out an Update System Request form.

I can’t send e-mail through the department servers from home. Is the department blocking this?

The department is not blocking the ports used to send e-mail to gateway.eecs.berkeley.edu, the department’s SMTP server. Internet service providers are more and more commonly blocking port 25 (used to send e-mail over SMTP) to control and prevent spam and viruses from being sent through servers that they do not maintain. Any one of the following steps should help you get around this problem:

• Try using port 587 for your outgoing server port. Information on making this change can be found in this FAQ in the Software section under most mail clients. Note: Outlook 2000 and 2003 will not let you use 587, but most other mail user agents (e.g. Mozilla Thunderbird) will.
• You can use your ISPs own mail relay instead of gateway.eecs
• Remote desktop to winterm.eecs.berkeley.edu and read/send mail from there
• Use the web interface to access your e-mail (https://bmail.berkeley.edu/)
• Use the Campus VPN Service to get around ISP port blocking.

Why can’t I access a Windows share from my laptop or at home?

As with the ports required to send e-mail, some Internet service providers block the ports necessary to access Windows shares over a network. To get around these port blocks, you can either:

1. Access the files on winterm.eecs.berkeley.edu by using Remote Desktop (see /faq/windows/#outside)
2. Use the Campus VPN Service to get around ISP port blocking.

Because the department’s firewall only opens the ports required for Windows shares to home, project, winsww and print, file shares on other Windows machines are not accessible outside of the EECS network. To access such a share, use Remote Desktop to connect to winterm.eecs.berkeley.edu, and from there you can connect to your server (if it is configured to handle remote desktop connections).