We followed the instructions and configured the mentioned policies. When we went to the OAuth 2 test client, we could not obtain a token. We could see the following error in the logs:
Problem routing to https://magprueba.***.com.ar/auth/oauth/v2/token. Error msg: Unable to obtain HTTP response from https://magprueba.***.com.ar/auth/oauth/v2/token: Connection to https://magprueba.tecnopro.com.ar refused. Caused by: Connection refused (Connection refused)
The URL is OK, but the API Gateway is trying to connect to localhost on port 443.
If we look at the ports open on the API Gateway:
[root@magprueba ~]# netstat -na | grep 443
tcp 0 0 0.0.0.0:9443 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN
tcp 0 0 10.4.1.221:8443 10.2.1.159:63155 ESTABLISHED
So, after the configuration, the API Gateway is trying to connect to itself on localhost:443, and that port is not open.
We tried from the root shell to NAT local traffic from 8443 to 443.
We ran the following command:
iptables -t nat -A OUTPUT -o lo -p tcp -m tcp --dport 443 -j DNAT --to-destination 127.0.0.1:8443
After inserting the NAT firewall rule, OAuth works OK!
We did not use "Advanced Firewall rules" from the "Policy Manager" because it doesn't allow creating that rule.
We also tried to change the "Default HTTPS Port" in "Manage Listen Ports",
but Policy Manager shows the following error: "The port field must be a number betweem 1025 and 65535"
Do you think that the config with the NAT is OK?
Is there any other configuration to do?
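
The check described in the post, as an added example that is not part of the original post: `grep 443` also matches 9443 and 8443, so this script compares the port field exactly to confirm nothing listens on 443 before the redirect is applied. The function names are hypothetical, the sample input is the netstat output quoted above, and `ensure_redirect` assumes an iptables build that supports `-C`.

```sh
#!/bin/sh
# netstat lines reproduced from the post above, used as sample input.
NETSTAT_SAMPLE='tcp 0 0 0.0.0.0:9443 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN
tcp 0 0 10.4.1.221:8443 10.2.1.159:63155 ESTABLISHED'

# listeners_on_port PORT: read `netstat -na` output on stdin and print the
# local address of every TCP socket in LISTEN state bound to exactly PORT.
listeners_on_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, part, ":")          # column 4 is the local address
            if (part[n] == port) print $4     # compare the port field itself
        }'
}

# redirect_needed FROM TO: succeed when nothing listens on FROM but something
# listens on TO, the situation in which the post's 443 -> 8443 DNAT applies.
redirect_needed() {
    snapshot=$(cat)
    [ -z "$(printf '%s\n' "$snapshot" | listeners_on_port "$1")" ] &&
        [ -n "$(printf '%s\n' "$snapshot" | listeners_on_port "$2")" ]
}

# ensure_redirect: add the rule from the post only if it is not already present
# (-C checks for an existing rule), so re-running does not stack duplicates.
# Needs root; defined here but not called by the demo below.
ensure_redirect() {
    set -- OUTPUT -o lo -p tcp -m tcp --dport 443 -j DNAT --to-destination 127.0.0.1:8443
    iptables -t nat -C "$@" 2>/dev/null || iptables -t nat -A "$@"
}

# Demo on the sample: substring grep hits three lines, exact match finds none on 443.
echo "grep 443 matches: $(printf '%s\n' "$NETSTAT_SAMPLE" | grep -c 443)"
echo "listeners on 443: $(printf '%s\n' "$NETSTAT_SAMPLE" | listeners_on_port 443 | wc -l)"
if printf '%s\n' "$NETSTAT_SAMPLE" | redirect_needed 443 8443; then
    echo "443 is closed and 8443 is listening: redirect precondition holds"
fi
```

A rule added with `iptables -A` lives only in the running kernel's tables, so it is gone after a reboot unless the host saves and restores it.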