%20%E7%8E%AF%E5%9B%9E%E9%98%B2%E7%81%AB%E5%A2%99%E8%A7%84%E5%88%99%EF%BC%9F.png)
我有一台 SmartOS 机器,只有一个外部 IP 地址。我的一个网站需要环回访问。但是,如果我尝试
curl https://www.example.com
它只是在区域内超时。在全局区域内,我收到以下错误消息:
connect to 1.2.3.4 port 443 failed: Connection refused
我的防火墙设置如下(/etc/ipf/ipf.conf):
## Allow Inbound Ports
pass in quick on vioif0 proto tcp from any to any port = 22 keep state
pass in quick on vioif0 proto tcp from any to any port = 80 keep state
pass in quick on vioif0 proto tcp from any to any port = 443 keep state
pass in quick on vioif0 proto icmp from any to any icmp-type echo
## Allow Out Ports
pass out quick on vioif0 all keep state
## Block all else
block in quick log first on vioif0 all
block out quick log first on vioif0 all
也许也是 NAT 导致了问题(/etc/ipf/ipnat.conf):
rdr vioif0 from any to any port = 80 -> 10.0.0.2 port 80 tcp
rdr vioif0 from any to any port = 443 -> 10.0.0.2 port 443 tcp
map vioif0 from 10.0.0.0/24 to any -> 0/32 proxy port ftp ftp/tcp
map vioif0 from 10.0.0.0/24 to any -> 0/32 portmap tcp/udp auto
map vioif0 from 10.0.0.0/24 to any -> 0/32
有什么指点吗?