753234 - web2.stage.bugs.scl3.mozilla.com requires access to http, https and smtp

Status: RESOLVED FIXED

(Infrastructure & Operations Graveyard :: NetOps: DC ACL Request, task, P1)

Description

[:glob ✱]

since bugzilla-stage-tip was moved from sjc to scl3, it is no longer able to access the internet.

[bjones@web2 ~]$ hostname
web2.stage.bugs.scl3.mozilla.com
[bjones@web2 ~]$ telnet glob.com.au 80
Trying 110.173.227.153...
<timeout>

please allow web2.stage.bugs.scl3.mozilla.com to establish outgoing connections on :80, :443 and :25.

thanks

Comment 1

[casey ransom [:casey]]

what kind of mail is web2 sending? we'll need to add specific static nat if this is user generated so that we don't end up black listing other ips.

Comment 2

[David Lawrence [:dkl]]

(In reply to casey ransom [:casey] from comment #1)
> what kind of mail is web2 sending? we'll need to add specific static nat if
> this is user generated so that we don't end up black listing other ips.

Similar mail to production bugzilla.mozilla.org. So the setup needs to be similar to production and be able to deliver email to the appropriate relay for testing purposes.

dkl

Comment 3

[casey ransom [:casey]]

I added flows and a stage.bugs appropriate source NAT address. I'm assuming the appropriate relay you mention is an internet host rather than something internal as I don't see anything specific in phx1 for mail relay from bugzilla (but it might get inherited from other blanket rules), let me know if not the case.
[root@web2 ~]# curl ip.hubns.net/?raw
63.245.214.160
[root@web2 ~]# nc -vz mail.hubns.net 25
Connection to mail.hubns.net 25 port [tcp/smtp] succeeded!
(443 also works)