Eu tenho uma máquina SmartOS com um endereço IP externo. Um dos meus sites precisa de acesso de loopback. No entanto, se eu tentar
curl https://www.example.com
simplesmente expira dentro de uma zona. De dentro da zona global, recebo a seguinte mensagem de erro:
connect to 1.2.3.4 port 443 failed: Connection refused
Meu firewall é configurado assim ( /etc/ipf/ipf.conf
):
## Allow Inbound Ports
pass in quick on vioif0 proto tcp from any to any port = 22 keep state
pass in quick on vioif0 proto tcp from any to any port = 80 keep state
pass in quick on vioif0 proto tcp from any to any port = 443 keep state
pass in quick on vioif0 proto icmp from any to any icmp-type echo
## Allow Out Ports
pass out quick on vioif0 all keep state
## Block all else
block in quick log first on vioif0 all
block out quick log first on vioif0 all
Talvez seja também o NAT que causa os problemas ( /etc/ipf/ipnat.conf
):
rdr vioif0 from any to any port = 80 -> 10.0.0.2 port 80 tcp
rdr vioif0 from any to any port = 443 -> 10.0.0.2 port 443 tcp
map vioif0 from 10.0.0.0/24 to any -> 0/32 proxy port ftp ftp/tcp
map vioif0 from 10.0.0.0/24 to any -> 0/32 portmap tcp/udp auto
map vioif0 from 10.0.0.0/24 to any -> 0/32
Algum apontador?