This page provides information that’s useful in the situation where you have equipment (computers or other devices) in your research lab that needs to be remotely accessible to some degree beyond the default.

Important note: ECE Computing strongly discourages and resists research groups opening up ssh to the world, since too many ECE research groups have gotten their servers hacked through wide-open ssh ports. Use Husky OnNet, and leave your machines accessible only from campus!


ECE’s Network Structure

Our network is divided into two segments – departmental subnets (“ECE”) and research subnets (“ECE-RES”).

Wired network traffic within each segment is unrestricted. This means you can make pretty much any type of connection from one device to another, even from one room to another – as long as both devices are plugged into network wall jacks on the same segment.

By default, SSH and RDP (Microsoft Remote Desktop) connections are allowed to ECE/ECE-RES computers and devices from anywhere on campus. Any other type of connection requires ECE Computing to create a firewall rule addition before any external connection can be successful.

Information we need before opening a firewall hole

If you are requesting the creation of an opening in the department’s firewall, please email all of the following information to help@ece.uw.edu. Note that adding a firewall rule requires we assign your device a fixed IP address (see below for more info)

  • We will need to know what network ports need to be opened (e.g. TCP 443, UDP 7000)
  • We also need to know where the connections to the device will be coming from – meaning is the external connection going to be from a specific campus address/addresses; from any campus address; from a specific range of addresses off campus; or from any possible address anywhere.
  • Let us know the name of the relevant lab and its faculty PI.
  • Please also include the name and email address of the person we should contact with any questions that might crop up!

Note that a UW person can make a “campus” connection, even from off-campus, if they connect to the Husky OnNet VPN.

In the case where you need to give access to a non-UW individual (or small number of individuals), the alternative to opening your device up “to the world” is – you have the option of sponsoring a NetID for these users and provisioning them for OnNet. One big advantage to this approach is you keep the potential attack surface of your devices small, limiting access to just the UW network versus reachable by anyone from anywhere on earth.

Information we need before assigning a fixed IP address

If you need a fixed IP address and/or DNS name for a computer or other network-accessible device, send an email to help@ece.uw.edu with the following information.

  • The MAC (network hardware) address of the device
  • The type of device
  • The room it’s in
  • The network subnet it’s on (the easiest way to do this is to plug some other computer into that same network port and let us know what IP address it’s assigned)
  • Also, since we’ll be creating an .ece.uw.edu name for the device, please let us know your name preference, if you have one – if it’s not a computer/server, we prefer to give it a name related to its function (e.g. foolab-synology.ece.uw.edu, foolab-laserprinter.ece.uw.edu)
  • Important note: we no longer allow names shorter than three characters!