I'm following the directions at https://intranet.mozilla.org/Office_JumpHost#Jumphost to try to ssh into office.mozilla.org. However, it appears my TCP packets are being dropped: $ ssh -v office.mozilla.org OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011 debug1: Reading configuration data /Users/gps/.ssh/config debug1: /Users/gps/.ssh/config line 22: Applying options for *.mozilla.org debug1: Reading configuration data /etc/ssh_config debug1: /etc/ssh_config line 20: Applying options for * debug1: /etc/ssh_config line 102: Applying options for * debug1: Connecting to office.mozilla.org [10.250.0.23] port 22. I'm currently on the Mozilla Wi-Fi network in the YVR office: en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 ether b8:e8:56:31:ff:68 inet6 fe80::bae8:56ff:fe31:ff68%en0 prefixlen 64 scopeid 0x4 inet6 2001:450:1c:224:bae8:56ff:fe31:ff68 prefixlen 64 autoconf inet6 2001:450:1c:224:1441:892:141d:62d0 prefixlen 64 autoconf temporary inet 10.244.25.23 netmask 0xfffff800 broadcast 10.244.31.255 nd6 options=1<PERFORMNUD> media: autoselect status: active $ telnet office.mozilla.org 22 Trying 10.250.0.23... Now-working flow is: tcp 10.244.25.23:* -> 10.250.0.23:22 I'm not sure if this is an actual ACL problem or outdated documentation.
Or it could be invalid DNS advertised to the YVR office. I dunno how any of this is supposed to work :)
Outdated doc, per Opsec decision, this VPN never got rebuilt after the move to the new Mountain view office. Instead you can use: https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=40052660 https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=30769829 Or the other offices VPN https://intranet.mozilla.org/Office_JumpHost#Common_Files
Thank you for updating the docs! I tried using the SSH jumphost originally with SSH tunneling, but the remote server was 403'ing. http://ganglia1.metrics.scl3.mozilla.com/ A coworker was able to connect through the VPN. I suspect its an Apache auth config issue. File another bug?
You're right. I'm not sure who manages that server though.