I have a host with 5 jails for a couple of apps and a database server.
When from one webserver jail I try to curl the URL of an app in another or the same jail, I get:
Code:
curl: (7) Failed to connect to app1.com port 80: Connection refused
Looking at these PF rules, could someone tell me why my connections from jail to jail over web are getting refused?
I have configured PF with these rules:
Code:
# Macros
nic = "re0"
ip1 = "xxx.xxx.xxx.xxx"
ip2 = "xxx.xxx.xxx.xxx"
ip3 = "xxx.xxx.xxx.xxx"
ip4 = "xxx.xxx.xxx.xxx"
db = "192.168.1.2"
app1 = "192.168.1.3"
app2 = "192.168.1.4"
app3 = "192.168.1.5"
app4 = "192.168.1.6"
app5 = "192.168.1.7"
icmp_types = "{echoreq,unreach}"
# Options
set skip on lo
set block-policy drop
set loginterface $nic
# Normalization
scrub in no-df random-id
# NAT
nat pass on $nic from $db -> $ip1
nat pass on $nic from $app1 -> $ip2
rdr on $nic inet proto tcp to $ip2 port {25,80,443,30000} -> $app1
nat pass on $nic from $app2 -> $ip2
rdr on $nic inet proto tcp to $ip2 port {10000} -> $app2
nat pass on $nic from $app3 -> $ip3
rdr on $nic inet proto tcp to $ip3 port {25,80,443,50000} -> $app3
nat pass on $nic from $app4 -> $ip4
rdr on $nic inet proto tcp to $ip4 port {25,80,443,60000} -> $app4
nat pass on $nic from $app5 -> $ip4
rdr on $nic inet proto tcp to $ip4 port {80,443,20000} -> $app5
# Filtering
block in log
antispoof quick for $nic inet
pass in proto tcp to port {25,80,443,10000,20000,30000,40000,50000,60000}
pass inet proto icmp all icmp-type $icmp_types
pass out