Firewalls
What is a firewall? Do I need one?
A firewall is a gateway or barrier set up to protect a computer or private network from outside networks. Firewalls may be software, hardware, or a combination of both. They are used to control which network connections can cross the firewall. Most firewalls allow the administrator to configure which connections are allowed and which are blocked via rules based on the connecting port, IP address, specific system, and/or software involved. A properly configured firewall should prevent unauthorized connections from other machines on the Internet.
According to the “Minimum Standards for Security of Berkeley Campus Networked Devices”, firewall software that is listed for a particular device’s OS at https://software.berkeley.edu must be running on that device.
How do I configure my firewall?
Information on configuring your host-based firewall to be compliant with campus standards may be found here: https://security.berkeley.edu/policy/minimum-security-standards-networked-devices-mssnd
Which ports is EECS blocking? How do I have a port opened for my machine?
This information has been moved to the EECS Firewall Blocked Ports page.
I can’t send e-mail through the department servers from home. Is the department blocking this?
The department is not blocking the ports used to send e-mail to gateway.eecs.berkeley.edu, the department’s SMTP server. Internet service providers increasingly block port 25 (used to send e-mail over SMTP) to control and prevent spam and viruses from being sent through servers that they do not maintain. Any one of the following steps should help you get around this problem:
- Try using port 587 for your outgoing server port. Information on making this change can be found in this FAQ in the Software section under most mail clients. Note: Outlook 2000 and 2003 will not let you use 587, but most other mail user agents (e.g. Mozilla Thunderbird) will.
- You can use your ISP’s own mail relay instead of gateway.eecs
- Remote desktop to winterm.eecs.berkeley.edu and read/send mail from there
- Use the web interface to access your e-mail (e.g. http://bmail.berkeley.edu/)
- Use the Campus VPN Service to get around ISP port blocking
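To confirm whether your network is the one blocking port 25 before changing mail client settings, you can probe both ports from the affected machine. The script below is an added example, not part of the original FAQ or an EECS tool; the function names `probe` and `diagnose` and the 5-second timeout are assumptions chosen for illustration.

```python
import socket

# Host and ports named in the FAQ entry above.
MAIL_HOST = "gateway.eecs.berkeley.edu"
MAIL_PORTS = (25, 587)


def probe(host, port, timeout=5.0):
    """Classify one TCP port as 'open', 'refused', 'filtered' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # TCP handshake completed
    except ConnectionRefusedError:
        return "refused"         # a reset came back: nothing accepting here
    except socket.timeout:
        return "filtered"        # no reply at all: packets dropped on the path
    except OSError:
        return "error"           # DNS failure, no route, and similar


def diagnose(results):
    """Turn a {port: state} dict for ports 25 and 587 into a recommendation."""
    if results.get(25) == "open":
        return "Port 25 is reachable; the problem is not port blocking."
    if results.get(587) == "open":
        return "Port 25 is not reachable from this network; use port 587."
    return "Neither port is reachable; use webmail, winterm or the Campus VPN."


if __name__ == "__main__":
    results = {port: probe(MAIL_HOST, port) for port in MAIL_PORTS}
    for port, state in results.items():
        print(f"{MAIL_HOST}:{port} -> {state}")
    print(diagnose(results))
```

A `filtered` result on port 25 together with `open` on 587 is the typical signature of ISP-side blocking described above.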
Why can’t I access a Windows share from my laptop or at home?
As with the ports required to send e-mail, some Internet service providers block the ports necessary to access Windows shares over a network. To get around these port blocks, you can either:
- Access the files on winterm.eecs.berkeley.edu by using Remote Desktop (see /faq/windows/#outside)
- Use the Campus VPN Service to get around ISP port blocking
Because the department’s firewall only opens the ports required for Windows shares to home, project, winsww and print, file shares on other Windows machines are not accessible from outside the EECS network. To access such a share, use Remote Desktop to connect to winterm.eecs.berkeley.edu, and from there you can connect to your server (if it is configured to handle remote desktop connections).