Closed Bug 1528087 Opened 5 years ago Closed 5 years ago

Allow flows to Apple notarization servers

Categories

(Infrastructure & Operations Graveyard :: NetOps: DC ACL Request, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: nthomas, Assigned: van)

References

Details

We are trying to get traffic from the RelEng network, specifically 10.49.48.16, to vgrNNN.apple.com on port 33001 for tcp and port range 33001-33500 for udp. The values for NNN are documented at https://help.apple.com/itc/transporteruserguide/#/apdATD1E112-D1E1A1303-D1E112A1126.

At the moment there seems to be some restriction. netcat reports 33001 is open on tcp and udp, but if you look at the traffic with tcpdump we only ever get a SYN+ACK to the original SYN, and no further packets.

Blocks: 1470607
Assignee: network-operations → vle

Created services tcp-33001 and udp-33001-33500. Added firewall policy 324 - srv-releng-apple--transporter.

Confirmed with nthomas that his app is working.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED

Van, could you please expand the IPs allowed to use this policy to include:

mac-v3-signing1.srv.releng.mdc1.mozilla.com / 10.49.48.177
mac-v3-signing2.srv.releng.mdc1.mozilla.com / 10.49.48.178
mac-v3-signing3.srv.releng.mdc1.mozilla.com / 10.49.48.179
mac-v3-signing4.srv.releng.mdc1.mozilla.com / 10.49.48.180
mac-v3-signing5.srv.releng.mdc1.mozilla.com / 10.49.48.181

mac-v3-signing1.srv.releng.mdc2.mozilla.com / 10.51.48.234
mac-v3-signing2.srv.releng.mdc2.mozilla.com / 10.51.48.235
mac-v3-signing3.srv.releng.mdc2.mozilla.com / 10.51.48.236
mac-v3-signing4.srv.releng.mdc2.mozilla.com / 10.51.48.237
mac-v3-signing5.srv.releng.mdc2.mozilla.com / 10.51.48.238

Bug 1552305 may also be relevant; it added a NAT gateway for these machines.

Status: RESOLVED → REOPENED
Resolution: FIXED → ---

Moving to a new bug.

Status: REOPENED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
See Also: → 1559274

Hi Nick,
I went ahead and added the IPs listed above to the security policy Van created for you; please test and verify.

Flags: needinfo?(nthomas)

This seems much better now, thank you!

Flags: needinfo?(nthomas)
Blocks: 1541565
No longer blocks: 1470607
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard