Ernie Luzar
2018-12-06 18:40:32 UTC
Have a gateway host (i.e. a host that is connected directly to the public
internet) running a vnet jail that has a pf firewall running inside of
it. When I start the vnet jail I see a few dhclient tasks auto-start for
vge0, which is the interface added as a member to the bridge. I take this
to mean that the vnet jail's external network is configured correctly.
Cannot ping 8.8.8.8 from the vnet jail's console. I can see the pf rules
are loaded, but the pf log shows no traffic at all.
Think the problem is with the nat rule syntax, or the nat function of pf is
non-functional. Cannot reach the public internet using this nat rule:
nat pass on epair2b inet from 10.0.20.10 to any -> xx.xx.xx.xx
10.0.20.10 is the IP address assigned to the vnet jail.
xx.xx.xx.xx is the IP address assigned to the host by the ISP.
Also tried this with no joy:
nat pass on epair2b inet from 10.0.20.10 to any -> epair2b
Anyone been able to get pf NAT to work in a live vnet jail in this manner?
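As an added example, not part of the post above, here is a host-side pf.conf of the kind used to get a vnet jail onto the internet: the translation happens on the host interface that owns the public address, with an explicit logging default-deny so the pf log shows what was seen. The interface names em0 and bridge0 and the jail network 10.0.20.0/24 are assumptions.

```pf
# Added example (not from the original post). Assumed names: em0 is the
# host's ISP-facing interface, bridge0 carries the jail's epair member,
# and 10.0.20.0/24 is the jail network.
ext_if   = "em0"
jail_if  = "bridge0"
jail_net = "10.0.20.0/24"

# Translation rules come before filter rules in pf.conf.
# "($ext_if)" in parentheses makes pf look up the interface address when
# each packet is translated, so the rule survives a new DHCP lease from
# the ISP instead of hard-coding the address.
nat on $ext_if inet from $jail_net to any -> ($ext_if)

# Default deny with logging: anything not matched below lands on pflog0,
# which is what makes "the log shows no traffic" diagnosable.
block log all
pass quick on lo0

# Jail traffic entering the host on the bridge side.
pass in on $jail_if inet from $jail_net to any keep state

# Translated traffic (and the host's own) leaving towards the ISP.
pass out on $ext_if inet keep state
```

Check it with `pfctl -nf /etc/pf.conf` (parse only), then `pfctl -s nat` to confirm the rule loaded and `pfctl -s state` to see translation states appear when the jail sends traffic; the host also needs `gateway_enable="YES"` in /etc/rc.conf so it forwards packets between the bridge and the external interface.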