Closed
Bug 1178565
Opened 9 years ago
Closed 7 years ago
Need additional port for Wowza Engines
Categories
(Infrastructure & Operations Graveyard :: NetOps, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: richard, Unassigned, NeedInfo)
Details
Wowza has added a documentation server interface to the Wowza Streaming Engines as of rev 4.2.0. We need to add port 8089 access to wowza1.corpdmz.scl3.mozilla.com and wowza2.corpdmz.scl3.mozilla.com. This should be accessible only from the VPN. Ports were originally assigned for these machines in bug #1112953.
Comment 1•9 years ago
The security policy you requested should now be in place.
Please test it out and see if what I've put in place matches your requirements?
Thanks -- Dave

  From zone: dc, To zone: corpdmz
  Source addresses:
    corp.pek2: 10.241.24.0/21
    corp.mtv2: 10.252.24.0/21
    corp.pdx1: 10.248.24.0/21
    corp.sfo1: 10.251.24.0/21
    corp.ber1: 10.249.24.0/21
    corp.tpe1: 10.247.24.0/21
    corp.lon1: 10.246.24.0/21
    corp.akl1: 10.245.24.0/21
    corp.yvr1: 10.244.24.0/21
    corp.par1: 10.243.24.0/21
    corp.tor1: 10.242.24.0/21
  Destination addresses:
    wowza2: 10.22.72.140/32
    wowza1: 10.22.72.153/32
  Application: wowza-admin
    IP protocol: tcp, ALG: 0, Inactivity timeout: 1800
      Source port range: [0-0]
      Destination port range: [8086-8088]
  Application: tcp-8089
    IP protocol: tcp, ALG: 0, Inactivity timeout: 1800
      Source port range: [0-0]
      Destination port range: [8089-8089]
Assignee: network-operations → dcurado
Status: NEW → UNCONFIRMED
Ever confirmed: false
Reporter
Comment 2•9 years ago
While connected to the certificate-based VPN as 10.22.248.86 I see this:

Starting Nmap 6.25 ( http://nmap.org ) at 2015-06-30 11:29 PDT
Nmap scan report for wowza1.corpdmz.scl3.mozilla.com (10.22.72.153)
Host is up (0.0049s latency).
Not shown: 990 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
1935/tcp open  rtmp
5666/tcp open  nrpe
8083/tcp open  us-srv
8086/tcp open  d-s-n
8087/tcp open  simplifymedia
8088/tcp open  radan-http

Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds
Comment 3•9 years ago
When you connect via the openvpn VPN, you are connecting in to the corpdmz security zone.
Your wowza hosts are also in the corpdmz security zone.
The security policy for devices connecting via the openvpn VPN to other devices in the corpdmz security zone is wide open.

Policy: VPN--ANY, action-type: permit, State: enabled, Index: 1883, Scope Policy: 0
  Policy Type: Configured
  Sequence number: 1
  From zone: corpdmz, To zone: corpdmz
  Source addresses:
    ssh1: 10.22.72.158/32
    ssh1.stage: 10.22.72.159/32
    openvpn1.stage: 10.22.72.155/32
    vpn-net: 10.22.240.0/20 <------------------------
    openvpn1: 10.22.72.136/32
  Destination addresses:
    any-ipv4: 0.0.0.0/0 <---------------------------
    any-ipv6: ::/0
  Application: any <---------------------------------
    IP protocol: 0, ALG: 0, Inactivity timeout: 0
      Source port range: [0-0]
      Destination port range: [0-0]

Perhaps make sure the wowza hosts are actually running the service on port 8089, and that they are allowing any hosts to connect to it?
Thanks.
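The reasoning in Comment 3, as an added example that is not part of any comment in this bug: it checks which of the two quoted policies a flow matches and combines that with the probe result to say where to look next. Assumptions: first-match evaluation with default deny, `dc-to-corpdmz` as a placeholder label for the unnamed policy from Comment 1, shortened source lists, and port 8089 reported as "closed" in the scan.

```python
import ipaddress

# Constructed model of the two policies quoted in this bug (source lists shortened).
# "dc-to-corpdmz" is a placeholder label; the page does not give that policy's name.
POLICIES = [
    {"name": "VPN--ANY", "from": "corpdmz", "to": "corpdmz",
     "src": ["10.22.240.0/20", "10.22.72.136/32"],
     "dst": ["0.0.0.0/0"],
     "ports": None},  # Application "any": modelled as every port
    {"name": "dc-to-corpdmz", "from": "dc", "to": "corpdmz",
     "src": ["10.252.24.0/21", "10.246.24.0/21"],
     "dst": ["10.22.72.140/32", "10.22.72.153/32"],
     "ports": [(8086, 8088), (8089, 8089)]},
]

def _in_any(ip, prefixes):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(p) for p in prefixes)

def match_policy(from_zone, src_ip, to_zone, dst_ip, dport):
    """Return the name of the first permitting policy, or None (assumed default deny)."""
    for p in POLICIES:
        if (p["from"], p["to"]) != (from_zone, to_zone):
            continue
        if not (_in_any(src_ip, p["src"]) and _in_any(dst_ip, p["dst"])):
            continue
        if p["ports"] is None or any(lo <= dport <= hi for lo, hi in p["ports"]):
            return p["name"]
    return None

def diagnose(policy, nmap_state):
    """Combine the policy verdict with what a probe from that source observed."""
    if nmap_state == "open":
        return "reachable"
    if policy and nmap_state == "closed":
        return "policy permits; host answered but nothing is listening on the port"
    if policy:
        return "policy permits; look for a host firewall or another device dropping traffic"
    return "no permitting policy; the network policy is the likely blocker"

if __name__ == "__main__":
    # Reporter's VPN address and wowza1, as given in the comments above.
    pol = match_policy("corpdmz", "10.22.248.86", "corpdmz", "10.22.72.153", 8089)
    print(pol, "->", diagnose(pol, "closed"))
```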
Updated•7 years ago
Assignee: dcurado → network-operations
Updated•7 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Updated•2 years ago
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard