On Tue, Nov 15, 2016 at 11:37 AM, Oliver Peter <li...@peter.de.com> wrote:
> El duderino,
>
> On Mon, Nov 14, 2016 at 10:30:59PM +0000, Big Lebowski wrote:
> >
> > I am trying to set up an 11.0-R PF based NAT for a group of jails that need
> > to be able to talk to services on other jails, just as if they'd be clients
> > from outside of the network. Apparently, this is called 'NAT reflection'
> > and I was able to find examples for OpenBSD PF here:
> > https://www.openbsd.org/faq/pf/rdr.html (bottom of the page).
> >
> > Obviously, their syntax doesn't work on FreeBSD PF, so how to achieve the
> > same thing? How to allow jails NAT'd on $ext_if (xn0) coming from
> > $jails_net (192.168.0.0/24 aliased on lo0) to talk to each other, via the
> > $ext_if external IP?
>
> We did something similar in a customer setup a while ago:
>
> nat on $int_if from $jail_host to any -> $int_ip
> rdr pass on $int_if proto { tcp, udp } from $jail_host to $ext_if port{ $service1, service2 } -> $int_lb
>
> Cheers

Thanks for your response Oliver! Would you mind elaborating on it a bit more? I don't understand what you're trying to achieve here, since the NAT doesn't happen on $int_if (lo0) but instead on $ext_if (xn0). The $int_if only holds the jail's IP addresses from the $jail_net range. How does that compare?

Regards,
BL