Page MenuHomePhabricator
Create Task
Maniphest T414833

IPs for Trustly SFTP reports
Closed, ResolvedPublic
Actions

Description

Ask from Trustly:

"Can you help me with the IPs that should be whitelisted for SFTP?"

Related Objects
Search...

Event Timeline

Cstone created this task.Jan 16 2026, 5:35 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 16 2026, 5:35 PM
Dwisehaupt added a project: fundraising-tech-ops.Jan 16 2026, 7:10 PM
Dwisehaupt subscribed.

Here are the two public IP ranges we use:

208.80.155.0/27
208.80.152.224/28

Once they have those added, we will need to know what IPs/hostnames we would be connecting to for pulling the reports.

Dwisehaupt moved this task from Triage to In Progress on the fundraising-tech-ops board.Jan 16 2026, 7:10 PM
Cstone added a comment.Jan 16 2026, 8:17 PM

Response from the IP range:

The first one contains 30 usable IPs (/27) and the second one contains 14 usable IPs (/28). Is your team able to reduce the amount of IPs? If not, we would need to receive approval from our SecOps before proceeding to whitelist

The SFTP access is performed via NLB, which does not have static IP adresses, Our team recommends using the DNS to whitelist the SFTP on their side. The current PROD DNS is: external.paywithmybank.com

Dwisehaupt added a comment.Jan 16 2026, 9:06 PM

The trimmed down IP range would be:

208.80.152.230
208.80.152.232
208.80.155.7
208.80.155.17

We can use an ipset config to cover our outbound restrictions to their DNS name.

Eileenmcnaughton created subtask T415135: Get Trustly Reconciliation reports downloading.Jan 20 2026, 8:59 PM
Cstone removed a subtask: T415135: Get Trustly Reconciliation reports downloading.Jan 20 2026, 9:01 PM
Cstone added a parent task: T415135: Get Trustly Reconciliation reports downloading.
Dwisehaupt mentioned this in T415135: Get Trustly Reconciliation reports downloading.Jan 27 2026, 2:49 AM
Dwisehaupt added a comment.Jan 27 2026, 2:52 AM

Used the info from T414833#11530389 to create the ipset and iptables rules. Basic ssh connection has been verified as working. I believe this task is complete from the ops end.

AKanji-WMF closed this task as Resolved.Feb 9 2026, 4:53 PM
AKanji-WMF claimed this task.
AKanji-WMF added a project: Fundraising Sprint: Ball pit.
AKanji-WMF subscribed.

Resolving, @Cstone let us know if there's anything final that needs to be communicated to Trustly.

Damilare mentioned this in T415719: Fundraising Sprint B Priorities.Feb 10 2026, 3:54 PM
Jgreen moved this task from In Progress to Done on the fundraising-tech-ops board.Feb 12 2026, 9:11 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits