Allow flows to Apple notarization servers
Categories: Infrastructure & Operations Graveyard :: NetOps: DC ACL Request, task
Tracking: Not tracked
People: Reporter: nthomas, Assigned: van
Details
We are trying to get traffic from the RelEng network, specifically 10.49.48.16, to vgrNNN.apple.com on port 33001 for tcp and port range 33001-33500 for udp. The values for NNN are documented at https://help.apple.com/itc/transporteruserguide/#/apdATD1E112-D1E1A1303-D1E112A1126.
At the moment there seems to be some restriction. netcat reports 33001 is open on tcp and udp, but if you look at the traffic with tcpdump we only ever get a SYN+ACK to the original SYN, and no further packets.
Comment 1 • 6 years ago (Assignee)
Created services tcp-33001 and udp-33001-33500. Added firewall policy 324 - srv-releng-apple--transporter.
Confirmed with nthomas his app is working.
Comment 2 • 5 years ago (Reporter)
Van, could you please expand the IPs allowed to use this policy to include
mac-v3-signing1.srv.releng.mdc1.mozilla.com / 10.49.48.177
mac-v3-signing2.srv.releng.mdc1.mozilla.com / 10.49.48.178
mac-v3-signing3.srv.releng.mdc1.mozilla.com / 10.49.48.179
mac-v3-signing4.srv.releng.mdc1.mozilla.com / 10.49.48.180
mac-v3-signing5.srv.releng.mdc1.mozilla.com / 10.49.48.181
mac-v3-signing1.srv.releng.mdc2.mozilla.com / 10.51.48.234
mac-v3-signing2.srv.releng.mdc2.mozilla.com / 10.51.48.235
mac-v3-signing3.srv.releng.mdc2.mozilla.com / 10.51.48.236
mac-v3-signing4.srv.releng.mdc2.mozilla.com / 10.51.48.237
mac-v3-signing5.srv.releng.mdc2.mozilla.com / 10.51.48.238
Bug 1552305 may also be relevant; it added a NAT gateway for these machines.
Comment 3 • 5 years ago (Reporter)
Moving to a new bug.
Updated • 5 years ago (Reporter)
Hi Nick,
I went ahead and added the IPs listed above to the security policy Van created for you. Please test and verify.