ip r
default via 192.168.1.1 dev enp1s0 proto dhcp src 192.168.xx.xx metric 100
100.64.0.0/10 dev ziti0 scope link
100.64.0.2 dev ziti0 scope link
100.64.0.3 dev ziti0 scope link
100.64.0.4 dev ziti0 scope link
100.64.0.5 dev ziti0 scope link
100.64.0.6 dev ziti0 scope link
192.168.0.0/24 dev enp3s0 proto kernel scope link src 192.168.0.xxx
192.168.0.0/24 via 192.168.0.1 dev enp3s0 proto static
192.168.1.0/24 dev enp1s0 proto kernel scope link src 192.168.xx.xx metric 100
192.168.1.1 dev enp1s0 proto dhcp scope link src 192.168.xx.xx metric 100
sudo zfw -L
INGRESS FILTERS:
type   service id             proto origin            destination        mapping:                                                interface list
------ ---------------------- ----- ----------------- ------------------ ------------------------------------------------------- -----------------
deny   0000000000000000000000 tcp   0.0.0.0/0         0.0.0.0/0          dpts=0:65535 PASSTHRU to 0.0.0.0/0                      [enp1s0]
accept 21wXRWsPgUCHUUEgnq2T62 tcp   0.0.0.0/0         100.64.0.5/32      dpts=1514:1514 TUNMODE redirect:ziti0                   []
accept 25PKCSIMbIHYqUbw6evT8K tcp   0.0.0.0/0         100.64.0.4/32      dpts=443:443 TUNMODE redirect:ziti0                     []
accept 4OcvMNhXglb0bDxTCUZ4f1 tcp   0.0.0.0/0         100.64.0.3/32      dpts=443:443 TUNMODE redirect:ziti0                     []
accept 1MWGDlo11hNhtKDhjPwfMl tcp   0.0.0.0/0         100.64.0.6/32      dpts=55000:55000 TUNMODE redirect:ziti0                 []
accept 1MWGDlo11hNhtKDhjPwfMl tcp   0.0.0.0/0         100.64.0.6/32      dpts=1515:1515 TUNMODE redirect:ziti0                   []
accept 0000000000000000000000 udp   0.0.0.0/0         100.64.0.2/32      dpts=53:53 TUNMODE redirect:ziti0                       []
deny   0000000000000000000000 udp   0.0.0.0/0         0.0.0.0/0          dpts=0:65535 PASSTHRU to 0.0.0.0/0                      [enp1s0]
Rule Count: 8 / 250000
prefix_tuple_count: 7 / 100000
sudo zfw -L -z egress
EGRESS FILTERS:
type   service id             proto origin            destination        mapping:                                                interface list
------ ---------------------- ----- ----------------- ------------------ ------------------------------------------------------- -----------------
deny   0000000000000000000000 udp   0.0.0.0/0         0.0.0.0/0          dpts=0:65535 PASSTHRU to 0.0.0.0/0                      [enp1s0]
accept 0000000000000000000000 tcp   0.0.0.0/0         35.xxx.xx.xx/32    dpts=443:443 PASSTHRU to 35.xxx.xx.xx/32                [enp1s0]
accept 0000000000000000000000 udp   0.0.0.0/0         1.1.1.1/32         dpts=53:53 PASSTHRU to 1.1.1.1/32                       [enp1s0]
deny   0000000000000000000000 tcp   0.0.0.0/0         0.0.0.0/0          dpts=0:65535 PASSTHRU to 0.0.0.0/0                      [enp1s0]
Rule Count: 4 / 250000
prefix_tuple_count: 4 / 100000
telnet ziti-controller.xxxx.xxxx 443
Trying 35.xxx.xx.xx...
Connected to ziti-controller.xxxx.xxxx.
Escape character is '^]'.
It is not resolving the Ziti DNS part.
telnet keycloak.xxxx.xxxx 443
Trying 100.64.0.6...
telnet: Unable to connect to remote host: Connection refused