Need additional port for Wowza Engines

Status

RESOLVED FIXED
4 years ago
2 years ago

People

(Reporter: richard, Unassigned, NeedInfo)

(Reporter)

Description

4 years ago
Wowza has added a documentation server interface to the Wowza Streaming Engines as of rev 4.2.0.

We need to add port 8089 access to wowza1.corpdmz.scl3.mozilla.com and wowza2.corpdmz.scl3.mozilla.com. This should be accessible only from the VPN.

Ports were originally assigned for these machines in bug #1112953.

The security policy you requested should now be in place.
Please test it out and see if what I've put in place matches your requirements.
Thanks -- Dave

  From zone: dc, To zone: corpdmz
  Source addresses:
    corp.pek2: 10.241.24.0/21 
    corp.mtv2: 10.252.24.0/21 
    corp.pdx1: 10.248.24.0/21 
    corp.sfo1: 10.251.24.0/21 
    corp.ber1: 10.249.24.0/21 
    corp.tpe1: 10.247.24.0/21 
    corp.lon1: 10.246.24.0/21 
    corp.akl1: 10.245.24.0/21 
    corp.yvr1: 10.244.24.0/21 
    corp.par1: 10.243.24.0/21 
    corp.tor1: 10.242.24.0/21
  Destination addresses:
    wowza2: 10.22.72.140/32 
    wowza1: 10.22.72.153/32
  Application: wowza-admin
    IP protocol: tcp, ALG: 0, Inactivity timeout: 1800
      Source port range: [0-0] 
      Destination port range: [8086-8088]
  Application: tcp-8089
    IP protocol: tcp, ALG: 0, Inactivity timeout: 1800
      Source port range: [0-0] 
      Destination port range: [8089-8089]
Assignee: network-operations → dcurado
Status: NEW → UNCONFIRMED
Ever confirmed: false
(Reporter)

Comment 2

4 years ago
While connected to the certificate-based VPN as 10.22.248.86 I see this:

Starting Nmap 6.25 ( http://nmap.org ) at 2015-06-30 11:29 PDT
Nmap scan report for wowza1.corpdmz.scl3.mozilla.com (10.22.72.153)
Host is up (0.0049s latency).
Not shown: 990 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
1935/tcp open  rtmp
5666/tcp open  nrpe
8083/tcp open  us-srv
8086/tcp open  d-s-n
8087/tcp open  simplifymedia
8088/tcp open  radan-http

Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds

When you connect via the openvpn VPN, you are connecting in to the corpdmz security zone.
Your wowza hosts are also in the corpdmz security zone.

The security policy for devices connecting via the openvpn VPN to other devices in the corpdmz
security zone is wide open.

Policy: VPN--ANY, action-type: permit, State: enabled, Index: 1883, Scope Policy: 0
  Policy Type: Configured
  Sequence number: 1
  From zone: corpdmz, To zone: corpdmz
  Source addresses:
    ssh1: 10.22.72.158/32 
    ssh1.stage: 10.22.72.159/32 
    openvpn1.stage: 10.22.72.155/32 
    vpn-net: 10.22.240.0/20 <------------------------
    openvpn1: 10.22.72.136/32
  Destination addresses:
    any-ipv4: 0.0.0.0/0  <---------------------------
    any-ipv6: ::/0
  Application: any <---------------------------------
    IP protocol: 0, ALG: 0, Inactivity timeout: 0
      Source port range: [0-0] 
      Destination port range: [0-0]

Perhaps make sure the wowza hosts are actually running the service on port 8089,
and that they are allowing any hosts to connect to it?

Thanks.
Is this an issue?
Flags: needinfo?(trecendez)
Assignee: dcurado → network-operations
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
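
The reasoning in the last reply, worked through as an added example that is not part of the original thread: it evaluates the two policies quoted above against the reporter's flow (VPN address 10.22.248.86 to wowza1 on tcp/8089) and pairs the verdict with a scanner's port state. Assumptions: the dict layout, the `dc-to-wowza` label for the policy the thread shows without a name, zones passed in by the caller, and an unmatched flow being denied.

```python
import ipaddress

ANY_PORT = (0, 65535)  # stands in for "[0-0]" under "Application: any"
DC_POLICY = "dc-to-wowza"  # label made up here; the thread shows no name

# Both policies are transcribed from the thread; the dict layout is this
# example's own. The any-ipv6 destination is left out (IPv4 flows only).
POLICIES = [
    {"name": "VPN--ANY", "from": "corpdmz", "to": "corpdmz",
     "src": ["10.22.72.158/32", "10.22.72.159/32", "10.22.72.155/32",
             "10.22.240.0/20", "10.22.72.136/32"],
     "dst": ["0.0.0.0/0"], "ports": [ANY_PORT]},
    {"name": DC_POLICY, "from": "dc", "to": "corpdmz",
     "src": ["10.%d.24.0/21" % n
             for n in (241, 242, 243, 244, 245, 246, 247, 248, 249, 251, 252)],
     "dst": ["10.22.72.140/32", "10.22.72.153/32"],
     "ports": [(8086, 8088), (8089, 8089)]},
]

def in_any(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)

def first_match(src_zone, dst_zone, src, dst, port):
    """Name of the first policy permitting this TCP flow, else None."""
    for p in POLICIES:
        if ((p["from"], p["to"]) == (src_zone, dst_zone)
                and in_any(src, p["src"]) and in_any(dst, p["dst"])
                and any(lo <= port <= hi for lo, hi in p["ports"])):
            return p["name"]
    return None  # assumption: a flow no policy matches is denied

def diagnose(policy, scan_state):
    """Combine the policy verdict with the scanner's state for the port."""
    if policy is None:
        return "no permitting policy: the firewall rule needs changing"
    if scan_state == "closed":    # host answered with RST, path is open
        return "permitted by %s, nothing listening: check the service" % policy
    if scan_state == "filtered":  # probe got no answer
        return "permitted by %s but dropped: check host firewall" % policy
    return "permitted by %s and reachable" % policy

if __name__ == "__main__":
    # Reporter's VPN address and wowza1, both taken from the thread.
    hit = first_match("corpdmz", "corpdmz", "10.22.248.86", "10.22.72.153", 8089)
    print(diagnose(hit, "closed"))  # "closed" is a constructed scan result
```

The VPN flow matches VPN--ANY rather than the new dc-to-corpdmz policy, so the port-8089 rule is never consulted for it.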