12.0-beta3 pf firewall NAT rule syntax for vnet jail using pf
Kristof Provost
kristof at sigsegv.be
Sun Nov 11 10:34:43 UTC 2018
On 9 Nov 2018, at 19:14, Ernie Luzar wrote:
> Hello lists;
>
> testing 12.0-beta3 vnet jail that is using pf firewall.
> net.inet.ip.forwarding =1 for the vnet jail.
> Host is running ipfilter firewall.
> The kldload pf.ko pflog.ko command has been issued.
> 10.0.10.30 is the IP address assigned to the vnet jail in the
> jail.conf.
> Using this nat rule
>
> nat on epair2b from 10.0.0.30/24 to any -> (vge0)
>
Is this rule set on the pf inside the jail?
> vge0 is the host's interface facing the public internet and a member of
> bridge2 along with member epair2a.
>
Is this bridge on the host, so outside the jail?
If so, how can the jail see the vge0 interface?

Best regards,
Kristof