SmartOS: How do I configure IPFilter (IPF) loopback firewall rules?

I have a SmartOS machine with only one external IP address. One of my websites needs loopback access. However, if I try

curl https://www.example.com

it just times out inside the zone. In the global zone, I get the following error message:

connect to 1.2.3.4 port 443 failed: Connection refused

My firewall is set up as follows (/etc/ipf/ipf.conf):

## Allow Inbound Ports
pass in quick on vioif0 proto tcp from any to any port = 22 keep state
pass in quick on vioif0 proto tcp from any to any port = 80 keep state
pass in quick on vioif0 proto tcp from any to any port = 443 keep state
pass in quick on vioif0 proto icmp from any to any icmp-type echo
## Allow Out Ports
pass out quick on vioif0 all keep state
## Block all else
block in quick log first on vioif0 all
block out quick log first on vioif0 all

Maybe NAT is also causing the problem (/etc/ipf/ipnat.conf):

rdr vioif0 from any to any port = 80 -> 10.0.0.2 port 80 tcp
rdr vioif0 from any to any port = 443 -> 10.0.0.2 port 443 tcp
map vioif0 from 10.0.0.0/24 to any -> 0/32 proxy port ftp ftp/tcp
map vioif0 from 10.0.0.0/24 to any -> 0/32 portmap tcp/udp auto
map vioif0 from 10.0.0.0/24 to any -> 0/32

Any pointers?
