If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Unable to connect to office.mozilla.org:22 from YVR Mozilla wi-fi

RESOLVED INVALID

Status

Infrastructure & Operations
NetOps: Office ACL Requests
RESOLVED INVALID
3 years ago
3 years ago

People

(Reporter: gps, Assigned: XioNoX)

Tracking

Details

(Reporter)

Description

3 years ago
I'm following the directions at https://intranet.mozilla.org/Office_JumpHost#Jumphost to try to ssh into office.mozilla.org. However, it appears my TCP packets are being dropped:

$ ssh -v office.mozilla.org
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/gps/.ssh/config
debug1: /Users/gps/.ssh/config line 22: Applying options for *.mozilla.org
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
debug1: Connecting to office.mozilla.org [10.250.0.23] port 22.

I'm currently on the Mozilla Wi-Fi network in the YVR office:

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether b8:e8:56:31:ff:68
	inet6 fe80::bae8:56ff:fe31:ff68%en0 prefixlen 64 scopeid 0x4
	inet6 2001:450:1c:224:bae8:56ff:fe31:ff68 prefixlen 64 autoconf
	inet6 2001:450:1c:224:1441:892:141d:62d0 prefixlen 64 autoconf temporary
	inet 10.244.25.23 netmask 0xfffff800 broadcast 10.244.31.255
	nd6 options=1<PERFORMNUD>
	media: autoselect
	status: active

$ telnet office.mozilla.org 22
Trying 10.250.0.23...

Now-working flow is:

 tcp 10.244.25.23:* -> 10.250.0.23:22

I'm not sure if this is an actual ACL problem or outdated documentation.
(Reporter)

Comment 1

3 years ago
Or it could be invalid DNS advertised to the YVR office. I dunno how any of this is supposed to work :)
(Assignee)

Comment 2

3 years ago
Outdated doc, per Opsec decision, this VPN never got rebuilt after the move to the new Mountain view office.
Instead you can use: https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=40052660
https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=30769829
Or the other offices VPN 
https://intranet.mozilla.org/Office_JumpHost#Common_Files
Assignee: network-operations → arzhel
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → INVALID
(Reporter)

Comment 3

3 years ago
Thank you for updating the docs!

I tried using the SSH jumphost originally with SSH tunneling, but the remote server was 403'ing.

http://ganglia1.metrics.scl3.mozilla.com/

A coworker was able to connect through the VPN. I suspect its an Apache auth config issue. File another bug?
(Assignee)

Comment 4

3 years ago
You're right. I'm not sure who manages that server though.
See Also: → bug 1072010
You need to log in before you can comment on or make changes to this bug.