>'Lo.
>
>On 2016-06-26T02:32:04 +0000
>James Lodge <ja...@lodge.me.uk> wrote:
>
> > If you clone lo1, give it a 192.168.x.x/32 IP and then use the following
> > pf.conf
> > Do you need to bridge the interfaces? You may need to add
> > gateway_enable="YES" to rc.conf
> >
> > Not sure if that's what you're trying to do?
> >
> > James
> >
> >
> > IP_PUB="Your Public IP Address Here"
> > IP_JAIL="192.168.0.2"
> > NET_JAIL="192.168.0.0/24"
> > PORT_JAIL="{80,443,2020}"
> >
> > scrub in all
> > nat pass on em0 from $NET_JAIL to any -> $IP_PUB
> > rdr pass on em0 proto tcp from any to $IP_PUB port $PORT_JAIL -> $IP_JAIL
>
>Interesting!
>
>Writing the filtering rules as "nat pass" statements does at least
>allow basic outbound filtering, as specifying a rule along with the nat
>statement allows you to talk about individual specific jails.
>
>Thanks, I will try using this if vnet jails don't work out.
>
>M
>_______________________________________________
>freebsd-...@freebsd.org mailing list
>https://lists.freebsd.org/mailman/listinfo/freebsd-net
>To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

I'm doing something very similar to you in a Digital Ocean droplet with a single public IP, though I don't filter outbound. I reverse proxy HTTP(s) via nginx with SNI support mostly. It works very well for me, I just wish (though I know it's being looked at and possibly coming soon) I had ZFS.
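
The per-jail outbound filtering with "nat pass" rules discussed earlier in the thread could look like the following pf.conf. This is an added example, not a configuration from any poster: the public address is a documentation placeholder, and the second jail, its address and the allowed outbound ports are assumptions.

```conf
# Added example (not from the thread). Old-style FreeBSD pf syntax,
# matching the "nat pass" / "rdr pass" rules quoted above.
ext_if   = "em0"
ip_pub   = "203.0.113.10"     # placeholder public address (assumption)
net_jail = "192.168.0.0/24"
jail_www = "192.168.0.2"      # the jail address used in the thread
jail_db  = "192.168.0.3"      # hypothetical second jail, no outbound access

scrub in all

# Translation rules are first-match. The "pass" keyword lets a translated
# packet through without evaluating the filter rules, so each nat rule
# doubles as an outbound allow rule for one jail.
nat pass on $ext_if proto udp from $jail_www to any port 53 -> $ip_pub
nat pass on $ext_if proto tcp from $jail_www to any port { 53, 80, 443 } -> $ip_pub
# There is deliberately no nat rule for $jail_db.

# Inbound web traffic is redirected to the web jail only.
rdr pass on $ext_if proto tcp from any to $ip_pub port { 80, 443 } -> $jail_www

# Filter rules: jail traffic that matched no nat rule above still carries
# its private source address when it reaches the external interface.
# Drop it there instead of leaking untranslated packets.
block out quick on $ext_if from $net_jail to any
```

Checking the file with `pfctl -nf /etc/pf.conf` parses it without loading the rules.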