[SAC] [OSGeo] #1255: Peer1 Firewall Configuration
OSGeo
trac_osgeo at osgeo.org
Fri Nov 8 07:50:15 PST 2013
#1255: Peer1 Firewall Configuration
---------------------------+------------------------------------------------
Reporter: warmerdam | Owner: sac@…
Type: defect | Status: new
Priority: major | Milestone:
Component: Systems Admin | Keywords:
---------------------------+------------------------------------------------
Currently I (and presumably others) are unable to ssh to osgeo1
(www.osgeo.org).
In a set of emails to selected SAC members (at least Frank and Arnulf?)
Peer1 has indicated over the last couple days that our firewall hardware
failed, and was replaced. The email thread had a title like:
{{{
[peer1.com #1358065] [5777727][1278743 :: osgeo.org] Peer 1 Monitoring Alert
}}}
It seems there was no record (!) of our old firewall rules, and so the
following rules were put in place:
{{{
set policy id 1 from "Untrust" to "Trust" "Peer1 Support" "66.223.95.240/28-Net" "ANY" permit
set policy id 1
set policy id 0 from "Trust" to "Untrust" "66.223.95.240/28-Net" "Any" "ANY" permit
set policy id 0
set policy id 2 from "Untrust" to "Trust" "NMS" "66.223.95.240/28-Net" "NMS service" permit
set policy id 2
set policy id 3 from "Untrust" to "Trust" "Any" "66.223.95.240/28-Net" "Tivoli Backup" permit
set policy id 3
set policy id 20 from "Untrust" to "Trust" "Any" "66.223.95.240/28-Net" "HTTP" permit
set policy id 20
set policy id 21 from "Untrust" to "Trust" "Any" "66.223.95.240/28-Net" "HTTPS" permit
set policy id 21
set policy id 22 from "Untrust" to "Trust" "Any" "66.223.95.240/28-Net" "FTP" permit
set policy id 22
}}}
I presume this is disallowing ssh traffic.
This firewall configuration may be related to #1254 as well.
--
Ticket URL: <http://trac.osgeo.org/osgeo/ticket/1255>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
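
As an added example (not part of the ticket and not Peer1's or OSGeo's own tooling), the following Python check parses the policy lines quoted above and lists which source address entries are permitted from "Untrust" to "Trust" for a named service. It assumes the firewall denies anything not explicitly permitted, that the service is named "SSH", and that services are matched by name only (the contents of "NMS service" and "Tivoli Backup" are not on the page and are not expanded); the function names are hypothetical.

```python
import shlex

# Policy lines as quoted in the ticket, with the e-mail line wraps rejoined.
CONFIG = '''\
set policy id 1 from "Untrust" to "Trust" "Peer1 Support" "66.223.95.240/28-Net" "ANY" permit
set policy id 1
set policy id 0 from "Trust" to "Untrust" "66.223.95.240/28-Net" "Any" "ANY" permit
set policy id 0
set policy id 2 from "Untrust" to "Trust" "NMS" "66.223.95.240/28-Net" "NMS service" permit
set policy id 2
set policy id 3 from "Untrust" to "Trust" "Any" "66.223.95.240/28-Net" "Tivoli Backup" permit
set policy id 3
set policy id 20 from "Untrust" to "Trust" "Any" "66.223.95.240/28-Net" "HTTP" permit
set policy id 20
set policy id 21 from "Untrust" to "Trust" "Any" "66.223.95.240/28-Net" "HTTPS" permit
set policy id 21
set policy id 22 from "Untrust" to "Trust" "Any" "66.223.95.240/28-Net" "FTP" permit
set policy id 22
'''

FIELDS = ("src_zone", "dst_zone", "src", "dst", "service", "action")

def parse_policies(text):
    """Parse full policy definitions; bare 'set policy id N' lines are skipped."""
    policies = []
    for line in text.splitlines():
        tok = shlex.split(line)  # honours the double-quoted names
        # set policy id N from <zone> to <zone> <src> <dst> <service> <action>
        if len(tok) == 12 and tok[:3] == ["set", "policy", "id"] and (tok[4], tok[6]) == ("from", "to"):
            values = (tok[5], tok[7], tok[8], tok[9], tok[10], tok[11])
            policies.append({"id": int(tok[3]), **dict(zip(FIELDS, values))})
    return policies

def inbound_sources(policies, service, src_zone="Untrust", dst_zone="Trust"):
    """(policy id, source entry) pairs permitting `service` between the zones."""
    wanted = ("any", service.lower())  # a policy for service ANY covers every service
    return [(p["id"], p["src"]) for p in policies
            if (p["src_zone"], p["dst_zone"], p["action"]) == (src_zone, dst_zone, "permit")
            and p["service"].lower() in wanted]

def open_to_any(policies, service):
    """True if some inbound permit for `service` has the source entry 'Any'."""
    return any(src.lower() == "any" for _, src in inbound_sources(policies, service))

if __name__ == "__main__":
    rules = parse_policies(CONFIG)
    for svc in ("SSH", "HTTP", "HTTPS", "FTP"):
        print(f"{svc:5} open to Any: {open_to_any(rules, svc)}  via {inbound_sources(rules, svc)}")
```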