04-psyche.tot...@icloud.com writes:

> Hi all,
>
> I have set up a virtual machine on my openbsd box, following the guide
> https://www.openbsd.org/faq/faq16.html#VMMnet
>
> I have trouble configuring pf to give the VM access to the internet.
>
> If my /etc/pf.conf contains the following lines, I don't have access to the
> internet from the VM:
>
> ----------
> block all
> pass out inet all keep state
>
> # Config to allow virtual Machine VMM to access the internet
> DNS_SERVER="8.8.8.8"
> match out on egress from 100.64.0.0/10 to any nat-to (egress)
> pass in proto { udp tcp } from 100.64.0.0/10 to any port domain rdr-to $DNS_SERVER port domain
> -----------

Is this the entirety of /etc/pf.conf?

> However, if I comment out the first line (block all), or add a "pass in" line
> then it works.

I'm far from a "pf person" let alone a "network person", but what are you
trying to achieve with your config? The example /etc/examples/pf.conf starts
with something like:

    block return    # block stateless traffic
    pass            # establish keep-state

Why can't you start there?

> Either is way too permissive though, what is the smallest "pass in" I should
> add to allow it internet access?
>
> I tried "pass in to 100.64.0.0/10" but it does not work.
>
> Thank you!
>
> Jake