Closed Bug 879410 Opened 12 years ago Closed 12 years ago

http://runtime-binaries.pvt.build.mozilla.org/tooltool/sha512 not accessible through datacenter VPN

Categories

(Infrastructure & Operations :: RelOps: General, task)

Product:
Infrastructure & Operations
Component:
RelOps: General
Platform:
x86_64
Linux
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: bhearsum, Assigned: dustin)

References

Details

Suspecting apache config changes needed due to srcip being different when coming from Datacenter VPN. I wonder if we can even limit the access to RelEng with this technique through the new vpn?
We'll need to add this address to the list of VPN addresses in Puppet, used to generate the Apache configs. The flow restrictions on the VPN host itself will only allow access to the pvt VIP for appropriate people. Jabba, what source IP(s) should I use for the DC VPN?
Flags: needinfo?(jdow)
Each person gets a unique IP when connected to the VPN. That range is 10.22.248.0/255.255.252.0 . If using the VPN to tunnel to a public IP (not very common), then it is likely going to source from the scl3 corpdmz NAT address of 63.245.214.169 (nat-corpdmz.scl3.mozilla.com)
Flags: needinfo?(jdow)
Assignee: server-ops-releng → dustin
OK, I made the necessary puppet changes (which was a little tricky, since this is an entire subnet, not just a single IP) to update the ACLs for this new VPN.
Those ACLs don't affect relengweb1
Depends on: 864482
Ben, can you get to runtime-binaries from the DC VPN now?
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Component: Server Operations: RelEng → RelOps
Product: mozilla.org → Infrastructure & Operations
You need to log in before you can comment on or make changes to this bug.