Page MenuHomePhabricator

NAT and DNS for fundraising monitor host
Closed, ResolvedPublic

Description

frmon.wikimedia.org

10.64.40.73 is the local IP

208.80.155.4 .8 and .15 look free per the comment in frack-puppet

@ayounsi @Jgreen I do not have an opinion on the IP, do either of you?

We are planning to try out a letsencrypt cert on this server.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

I don't neither.

Note that 8.155.80.208.in-addr.arpa domain name pointer frbast1001.wikimedia.org.

@ayounsi ah yes thanks, I forgot to update the documentation for that, but just did

Looks like .4, .9, and .15 are available. .9 was tellurium and still has crufty DNS so my suggestion is we use that, and clean up the cruft in the process.

Looks like .4, .9, and .15 are available. .9 was tellurium and still has crufty DNS so my suggestion is we use that, and clean up the cruft in the process.

DNS is done!

;; ANSWER SECTION:
frmon.wikimedia.org. 3600 IN CNAME frmon-eqiad.wikimedia.org.
frmon-eqiad.wikimedia.org. 3600 IN A 208.80.155.9

NAT created:

[edit security nat static rule-set static-nat]
       rule frbast1001 { ... }
+      rule frmon1001 {
+          match {
+              destination-address 208.80.155.9/32;
+          }
+          then {
+              static-nat {
+                  prefix {
+                      10.64.40.73/32;
+                  }
+              }
+          }
+      }
-      rule bastion {
-          match {
-              destination-address 208.80.155.9/32;
-          }
-          then {
-              static-nat {
-                  prefix {
-                      10.64.40.34/32;
-                  }
-              }
-          }
-      }

still need firewall policies I believe.

herron triaged this task as Medium priority.Jul 18 2018, 6:41 PM
ayounsi claimed this task.

I believe we're good here. Please re-open if not (or need firewall policies).