Closed
Bug 1178565
Opened 10 years ago
Closed 8 years ago
Need additional port for Wowza Engines
Categories
(Infrastructure & Operations Graveyard :: NetOps, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: richard, Unassigned, NeedInfo)
Details
Wowza has added a documentation server interface to the Wowza Streaming Engines as of rev 4.2.0.
We need to add port 8089 access to wowza1.corpdmz.scl3.mozilla.com and wowza2.corpdmz.scl3.mozilla.com. This should be accessible only from the VPN.
Ports were originally assigned for these machines in bug #1112953.
Comment 1•10 years ago
The security policy you requested should now be in place.
Please test it out and see if what I've put in place matches your requirements?
Thanks -- Dave
From zone: dc, To zone: corpdmz
Source addresses:
corp.pek2: 10.241.24.0/21
corp.mtv2: 10.252.24.0/21
corp.pdx1: 10.248.24.0/21
corp.sfo1: 10.251.24.0/21
corp.ber1: 10.249.24.0/21
corp.tpe1: 10.247.24.0/21
corp.lon1: 10.246.24.0/21
corp.akl1: 10.245.24.0/21
corp.yvr1: 10.244.24.0/21
corp.par1: 10.243.24.0/21
corp.tor1: 10.242.24.0/21
Destination addresses:
wowza2: 10.22.72.140/32
wowza1: 10.22.72.153/32
Application: wowza-admin
IP protocol: tcp, ALG: 0, Inactivity timeout: 1800
Source port range: [0-0]
Destination port range: [8086-8088]
Application: tcp-8089
IP protocol: tcp, ALG: 0, Inactivity timeout: 1800
Source port range: [0-0]
Destination port range: [8089-8089]
Assignee: network-operations → dcurado
Status: NEW → UNCONFIRMED
Ever confirmed: false
Comment 2•10 years ago (Reporter)
While connected to the certificate-based VPN as 10.22.248.86 I see this:
Starting Nmap 6.25 ( http://nmap.org ) at 2015-06-30 11:29 PDT
Nmap scan report for wowza1.corpdmz.scl3.mozilla.com (10.22.72.153)
Host is up (0.0049s latency).
Not shown: 990 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
443/tcp open https
1935/tcp open rtmp
5666/tcp open nrpe
8083/tcp open us-srv
8086/tcp open d-s-n
8087/tcp open simplifymedia
8088/tcp open radan-http
Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds
Comment 3•10 years ago
When you connect via the openvpn VPN, you are connecting in to the corpdmz security zone.
Your wowza hosts are also in the corpdmz security zone.
The security policy for devices connecting via the openvpn VPN to other devices in the corpdmz
security zone is wide open.
Policy: VPN--ANY, action-type: permit, State: enabled, Index: 1883, Scope Policy: 0
Policy Type: Configured
Sequence number: 1
From zone: corpdmz, To zone: corpdmz
Source addresses:
ssh1: 10.22.72.158/32
ssh1.stage: 10.22.72.159/32
openvpn1.stage: 10.22.72.155/32
vpn-net: 10.22.240.0/20 <------------------------
openvpn1: 10.22.72.136/32
Destination addresses:
any-ipv4: 0.0.0.0/0 <---------------------------
any-ipv6: ::/0
Application: any <---------------------------------
IP protocol: 0, ALG: 0, Inactivity timeout: 0
Source port range: [0-0]
Destination port range: [0-0]
Perhaps make sure the wowza hosts are actually running the service on port 8089,
and that they are allowing any hosts to connect to it?
Thanks.
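The zone lookup described in comment 3, as an added example that is not part of the original bug or of Mozilla's tooling: a first-match evaluator over the two policy listings above, showing that the VPN client from comment 2 is matched by VPN--ANY and not by the new dc rule. The label `dc-to-corpdmz` and the helper names are assumptions (the first policy's name is not shown on the page), and only zones, addresses, protocol and destination port are modelled.

```python
import ipaddress

# Policies transcribed from the two listings in this bug. The first policy's
# name is not shown on the page, so "dc-to-corpdmz" is a placeholder label.
POLICIES = [
    {"name": "dc-to-corpdmz", "from": "dc", "to": "corpdmz",
     "src": ["10.241.24.0/21", "10.252.24.0/21", "10.248.24.0/21",
             "10.251.24.0/21", "10.249.24.0/21", "10.247.24.0/21",
             "10.246.24.0/21", "10.245.24.0/21", "10.244.24.0/21",
             "10.243.24.0/21", "10.242.24.0/21"],
     "dst": ["10.22.72.140/32", "10.22.72.153/32"],
     "apps": [("tcp", 8086, 8088), ("tcp", 8089, 8089)]},
    {"name": "VPN--ANY", "from": "corpdmz", "to": "corpdmz",
     "src": ["10.22.72.158/32", "10.22.72.159/32", "10.22.72.155/32",
             "10.22.240.0/20", "10.22.72.136/32"],
     "dst": ["0.0.0.0/0", "::/0"],
     "apps": [("any", 0, 65535)]},
]


def _in(addr, nets):
    """True if addr falls inside any of the given prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)


def match(from_zone, to_zone, src, dst, proto, port):
    """Return the name of the first policy that permits the flow, else None."""
    for p in POLICIES:
        if (p["from"], p["to"]) != (from_zone, to_zone):
            continue  # policies are selected by zone pair first
        if not (_in(src, p["src"]) and _in(dst, p["dst"])):
            continue
        if any(a in ("any", proto) and lo <= port <= hi
               for a, lo, hi in p["apps"]):
            return p["name"]
    return None


if __name__ == "__main__":
    # Flow from comment 2: VPN client 10.22.248.86 -> wowza1 on tcp/8089.
    print(match("corpdmz", "corpdmz", "10.22.248.86", "10.22.72.153", "tcp", 8089))
    # Same address evaluated against the dc rule: no source prefix contains it.
    print(match("dc", "corpdmz", "10.22.248.86", "10.22.72.153", "tcp", 8089))
```

Because the flow is permitted at the policy layer, a missing 8089 in the scan points at the host (service not listening or a local filter), which is the check comment 3 asks for.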
Updated•8 years ago
Assignee: dcurado → network-operations
Updated•8 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Updated•3 years ago
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard