Allow access from jenkins1.qa.scl3.mozilla.com to https://people.mozilla.org/

RESOLVED FIXED

Status

Infrastructure & Operations
NetOps
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: davehunt, Assigned: dcurado)

Tracking

Details

(Reporter)

Description

3 years ago
We need to be able to download the B2G fonts at https://people.mozilla.org/~mwu/fira-font-update.zip for flashing to our devices. At present we timeout trying to connect to this address.
(Reporter)

Updated

3 years ago
Blocks: 1065272
(Assignee)

Updated

3 years ago
Assignee: network-operations → dcurado
(Assignee)

Comment 1

3 years ago
Hello Dave, 
Sorry for the delay in picking up this bug.
I need your help.  
What is the name/ip of the source host you are trying the download from.
(the client, from whence you are trying the download)

Just thinking out loud here... while I wait for this info from you... could it be
a simple permissions problem on mwu's public_html directory?  
Thanks,
Dave Curado
Status: NEW → ASSIGNED
Flags: needinfo?(dave.hunt)
(Reporter)

Comment 2

3 years ago
(In reply to Dave Curado :dcurado from comment #1)
> Hello Dave, 
> Sorry for the delay in picking up this bug.
> I need your help.  
> What is the name/ip of the source host you are trying the download from.
> (the client, from whence you are trying the download)
> 
> Just thinking out loud here... while I wait for this info from you... could
> it be
> a simple permissions problem on mwu's public_html directory?  
> Thanks,
> Dave Curado

The name is in the bug summary: jenkins1.qa.scl3.mozilla.com and the IP is: 10.22.73.155

I am able to ping people.mozilla.org but unable to telnet to port 80 or 443, so I suspect it's not a permissions issue.
Flags: needinfo?(dave.hunt)
(Assignee)

Comment 3

3 years ago
duh.  sorry.  brain fart on my part.
woods/trees.
I'll take care of this now.
(Assignee)

Comment 4

3 years ago
OK, I have put a security policy in place that, uh, should allow ports 80 and 443 to get through.
But, it's a little quirky on this one.  jenkins1 and people.mozilla.org are connected to the
same firewall, and people.mozilla.org is behind a NAT on that firewall.
The result is the packets doing some weird gymnastics, which may require some further config
to make it work.
But let's try it and see what happens.  Can you give it a try and let me know if it works
now or not?  Thanks!

  From zone: qa, To zone: dmz
  Source addresses:
    jenkins1: 10.22.73.155/32
  Destination addresses:
    people1: 10.22.74.25/32
  Application: junos-http
    IP protocol: tcp, ALG: 0, Inactivity timeout: 28800
      Source port range: [0-0] 
      Destination port range: [80-80]
  Application: junos-https
    IP protocol: tcp, ALG: 0, Inactivity timeout: 1800
      Source port range: [0-0] 
      Destination port range: [443-443]
Flags: needinfo?(dave.hunt)
(Reporter)

Comment 5

3 years ago
Works great, thanks!
Status: ASSIGNED → RESOLVED
Last Resolved: 3 years ago
Flags: needinfo?(dave.hunt)
Resolution: --- → FIXED
(Assignee)

Comment 6

3 years ago
cool!  
(glad I didn't have to configure a "hairpin nat" thing... )

Sorry for the delay in getting this done.
Enjoy the fonts!
You need to log in before you can comment on or make changes to this bug.