For security reasons stricter rules are applied to networks engaged in the eduroam project. The eduroam network is connected to Internet via Cisco PIX firewall. Everything that is not explicitly allowed, is forbidden.
For configuration of IPv4 clients a DHCP service is used and assigned addresses are from subnet 193.84.56.0/22. The prefix 2001:718:1e03:aed1::/64 is used for IPv6 clients.
Following IPv4 services and ICMP, GRE, ESP, AH protocols are allowed.
|
port
|
service
|
description
|
|
21/tcp
|
FTP
|
File transfer
|
|
22/tcp
|
SSH
|
Secure shell
|
|
23/tcp
|
Telnet
|
Terminal access
|
|
37/tcp
|
Time
|
Time
|
|
80/tcp
|
HTTP
|
WWW pages
|
|
88/udp
|
Kerberos
|
Authentication protocol
|
|
110/tcp
|
POP3
|
Email access
|
|
119/tcp
|
NNTP
|
News
|
|
123/udp
|
NTP
|
Time
|
|
143/tcp
|
IMAP
|
Email access
|
|
389/tcp
|
LDAP
|
Directory service
|
|
443/tcp
|
HTTPS
|
WWW pages (SSL)
|
|
465/tcp
|
SMTPS
|
Sending emails
|
|
500/udp
|
ISAKMP
|
IPSec VPN
|
|
554/tcp
|
RTSP
|
Real-Time Streaming Protocol
|
|
563/tcp
|
NNTPS
|
News (SSL)
|
|
587/tcp
|
Apple mail
|
Apple SMTP submission
|
|
636/tcp
|
LDAPS
|
Directory service (SSL)
|
|
993/tcp
|
IMAPS
|
Email access (SSL)
|
|
995/tcp
|
POP3S
|
Email access (SSL)
|
|
1042/tcp
|
Licence server
|
Licence server
|
|
1111/tcp
|
MM-adm
|
Macromedia Communication Server - admin
|
|
1194/tcp
|
OpenVPN
|
OpenVPN
|
|
1194/udp
|
OpenVPN
|
OpenVPN
|
|
1195/tcp
|
OpenVPN
|
OpenVPN
|
|
1195/udp
|
OpenVPN
|
OpenVPN
|
|
1213/tcp
|
CRM
|
Iterity CRM
|
|
1352/tcp
|
Lotus
|
Lotus Notes
|
|
1443/tcp
|
UStat
|
UStat
|
|
1444/tcp
|
IS UK
|
IS UK
|
|
1677/tcp
|
Novell
|
Novell Groupwise
|
|
1723/tcp
|
PPTP
|
PPTP VPN
|
|
1755/tcp
|
MMS
|
MMS with TCP-based transport (MMST)
|
|
1801/tcp
|
DigiTool
|
DigiTool
|
|
1935/tcp
|
RTMP
|
Macromedia Communication Server
|
|
2221/tcp
|
ESET NOD32
|
ESET NOD32
|
|
2222/tcp
|
ESET NOD32
|
ESET NOD32
|
|
2223/tcp
|
ESET NOD32
|
ESET NOD32
|
|
2224/tcp
|
ESET NOD32
|
ESET NOD32
|
|
2401/tcp
|
CVS
|
Source code access
|
|
3389/tcp
|
RDP
|
Terminal services - remote desktop
|
|
3478-3497/
udp
|
Facetime
|
Apple Facetime
|
|
4158/tcp
|
AVGAdmin
|
AVG Admin
|
|
4500/udp
|
IPSec NAT-T
|
IPSec PAT/NAPT
|
|
5060/tcp
|
SIP
|
Session Initiation Protocol (VoIP)
|
|
5060/udp
|
SIP
|
Session Initiation Protocol (VoIP)
|
|
5190/tcp
|
AOL/ICQ
|
ICQ client/server
|
|
5222/tcp
|
Jabber
|
IM Jabber
|
|
5223/tcp
|
Jabber
|
IM Jabber (SSL)
|
|
5228/tcp
|
Android
|
Android market
|
|
5228/udp
|
Android
|
Android market
|
|
5881/tcp
|
DigiTool
|
DigiTool
|
|
5938/tcp
|
Teamviewer
|
Teamviewer
|
|
6667/tcp
|
IRC
|
Internet Relay Chat
|
|
6881/tcp
|
DigiTool
|
DigiTool - Meditor
|
|
6991/tcp
|
Alef
|
Alef
|
|
6992/tcp
|
Alef
|
Alef
|
|
7070/tcp
|
Real
|
Real Audio control + data
|
|
7071/tcp
|
Real
|
Real Audio control + data
|
|
8000/tcp
|
Onelog
|
Onelog portal
|
|
8001-8079/
udp
|
RTP
|
SIP - RTP (VoIP)
|
|
8080/tcp
|
HTTP
|
WWW pages (proxy)
|
|
8081/tcp
|
DG
|
DG Client
|
|
8082/tcp
|
DG
|
DG Client
|
|
8170/tcp
|
HTTPS
|
Podcast Producer
|
|
8171/tcp
|
HTTP
|
Podcast Producer
|
|
8290/tcp
|
Winbox
|
MikroTik Winbox - management
|
|
8291/tcp
|
Winbox
|
MikroTik Winbox - management
|
|
8300/tcp
|
NovellIM
|
Novell Messenger
|
|
8331/tcp
|
MetalibUK
|
Metalib UK
|
|
8443/tcp
|
HTTPS/DG
|
DG Client
|
|
8801/tcp
|
UStat
|
UStat
|
|
9443/tcp
|
ProQuest
|
ProQuest
|
|
10000/tcp
|
IPSec over TCP
|
IPSec over TCP
|
|
11371/tcp
|
hkp
|
OpenPGP HTTP Keyserver
|
|
16384-
16386/udp
|
Facetime
|
Apple Facetime
|
|
16393-
16402/udp
|
Facetime
|
Apple Facetime
|
|
18080/tcp
|
Verde
|
Verde
|
|
18182/tcp
|
Fring IM
|
Fring IM
|
|
27001/tcp
|
Licence server
|
Licence server
|
|
28080/tcp
|
Verde
|
Verde
|
|
30000/tcp
|
IM+
|
Apple IM+
|
|
52000-
53800/tcp
|
Fring IM
|
Fring IM
|
|
52000-
53800/udp
|
Fring IM
|
Fring IM
|
Access to DNS service and sending emails via SMTP protocol is restricted to University servers:
IPv4
DNS1: 195.113.2.2
DNS2: 195.113.44.11
SMTP: smtp.eduroam.cuni.cz
IPv6
DNS: 2001:718:1e03:1::2
Special setting for CU training facilities Dobronice and Poříčí
The eduroam network on this sites is locally routed (IPv4 network 10.192.92.0/24, IPv6 is not available) and there is very limited set of allowed services. The WindowsUpdate service is not available on this sites.
|
port
|
service
|
description
|
|
22/tcp
|
SSH
|
Secure shell
|
|
80/tcp
|
HTTP
|
WWW pages
|
|
110/tcp
|
POP3
|
Email access
|
|
143/tcp
|
IMAP
|
Email access
|
|
443/tcp
|
HTTPS
|
WWW pages (SSL)
|
|
465/tcp
|
SMTPS
|
Sending emails
|
|
587/tcp
|
Apple mail
|
Apple SMTP submission
|
|
993/tcp
|
IMAPS
|
Email access (SSL)
|
|
995/tcp
|
POP3S
|
Email access (SSL)
|
|
2221/tcp
|
ESET NOD32
|
ESET NOD32
|
|
2222/tcp
|
ESET NOD32
|
ESET NOD32
|
|
2223/tcp
|
ESET
NOD32
|
ESET NOD32
|
|
2224/tcp
|
ESET NOD32
|
ESET NOD32
|
|
3389/tcp
|
RDP
|
Terminal services - remote desktop
|
|
8443/tcp
|
HTTPS/DG
|
DG Client
|
Access to DNS service and sending emails via SMTP protocol is restricted to University servers:
DNS1: 195.113.2.2
DNS2: 195.113.44.11
SMTP: smtp.eduroam.cuni.cz
Name and eduroam logo are registered trademarks of the TERENA.
