Network Request 2023-12-10

Redbrick admins sent a request to ISS to open up some ports and to update them on the current state of Redbrick. This is the document that was sent outlining the changes and reasoning behind them.


All IPs are part of

IP Port Reason
[4,5,6,50] 80 HTTP traffic (only used for generating certs).
[4,5,6,50] 443 HTTPS traffic (also used for headscale).
[4] 1194 Management VPN for admins.
[50] 4500-4510 Various ports for exposing isolated containerised game servers. Used by both Redbrick and others. See Games
[50] 6667 IRC
[50] 8448 Matrix Federation requirement

Redbrick Firewall Information

Recently Redbrick acquired a new “external” firewall (see docs). This means we have audit logs, traffic identification (and categorisation), well defined access rules and fail2ban-esque blocking.

Redbrick Internal Scans

We run a free version (limited to 16 ips) of nessus on the internal side of the 16.0/24 address range. This should alert us to vulnerabilities before they are exposed. We’re inside the DCU wide scan also and action information from weekly scans.

Link to job


Initially we plan to run Minecraft, Factorio and Terarria servers. These will all be running inside containers with tightly restricted port access (docker network isolation) and will run using the UID+GID of a noshell user on the host.

Other Access Notes

The admins have a VPN (using OpenVPN) for ssh, access to internal web UIs and switch/firewall configuration.

Expected Plan for the Future

The image below shows our hopeful plan for our new servers. Over the Christmas we plan to start work towards this, and some time in the new year we can discuss it further.


Redbrick once upon a time had alongside If possible we’d like to acquire this again. For now can be delegated to the same domain name server as In the future we will change our DNS system to a more robust service.