fwunit1 access to git-internal, srxes

RESOLVED FIXED

Status

Infrastructure & Operations
NetOps: DC ACL Request
RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: dustin, Assigned: dcurado)

Tracking

Details

I need a flow for the flow tester..

fwunit1.private.releng.scl3.mozilla.com
 -> git-internal.mozilla.org 22/tcp
    fw1.releng.scl3.mozilla.net 22/tcp
    fw1.scl3.mozilla.net 22/tcp

If the fw1 flows are problematic and would be easier from some other VLAN, I'll be happy to move this host - just let me know.
(Assignee)

Updated

4 years ago
Assignee: network-operations → dcurado
(Assignee)

Comment 1

4 years ago
working on this
Status: NEW → ASSIGNED
(Assignee)

Comment 2

4 years ago
Dustin -- What happens when you try to ssh to
10.26.75.1 
and/or
10.22.75.1

Those are the private IPs of fw1.releng.scl3 and fw1.scl3

Thanks...
Flags: needinfo?(dustin)
[root@fwunit1.private.releng.scl3 ~]# nc -vz 10.26.75.1 22
^C
[root@fwunit1.private.releng.scl3 ~]# nc -vz 10.22.75.1 22
^C

(no connection, in other words)
Flags: needinfo?(dustin)
(Assignee)

Comment 4

4 years ago
This part is in place:
  From zone: dc, To zone: private
  Source addresses:
    fwunit1.private.releng: 10.26.75.128/32
  Destination addresses:
    git-internal.mozilla.org: 10.22.75.154/32
  Application: junos-ssh
    IP protocol: tcp, ALG: 0, Inactivity timeout: 86400
      Source port range: [0-0] 
      Destination port range: [22-22]

Still working on the ssh access to the firewalls.
(Assignee)

Comment 5

4 years ago
OK, let's forget trying to ssh into the firewall directly connected interfaces.
If you use their external names...
fw1.releng.scl3.mozilla.net and fw1.scl3.mozilla.net, it appears to work now.

[dcurado@fwunit1.private.releng.scl3 ~]$ nc -vz fw1.releng.scl3.mozilla.net 22
Connection to fw1.releng.scl3.mozilla.net 22 port [tcp/ssh] succeeded!
[dcurado@fwunit1.private.releng.scl3 ~]$ nc -vz fw1.scl3.mozilla.net 22
Connection to fw1.scl3.mozilla.net 22 port [tcp/ssh] succeeded!

If this still does not work for you, please re-open.  
Thanks.
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
Rock on -- that was even what I asked for ;)
You need to log in before you can comment on or make changes to this bug.