Re: NAT Reflection rules for FreeBSD PF

2016-11-16 Thread Niklaas Baudet von Gersdorff
Oliver Peter [2016-11-16 12:05 +0100] : > The interesting thing here is that /all/ traffic happens on lo0 - even for > jail1 which sits on lo1 only - which I don't understand. I had been wondering about the same thing some while ago: http://marc.info/?l=freebsd-questions&m=147049889417893&w=2

Re: NAT Reflection rules for FreeBSD PF

2016-11-16 Thread Oliver Peter
On Tue, Nov 15, 2016 at 02:49:18PM +, Big Lebowski wrote: > On Tue, Nov 15, 2016 at 1:26 PM, Oliver Peter wrote: > > > On Tue, Nov 15, 2016 at 01:03:54PM +, Big Lebowski wrote: > > > On Tue, Nov 15, 2016 at 11:37 AM, Oliver Peter > > wrote: > > > > > > > El duderino, > > > > > > > > On M

Re: NAT Reflection rules for FreeBSD PF

2016-11-15 Thread Kristen Nielsen
Hi. We have had the same needs earlier, but solved it in our network. Although I have been considering the possibility if there was an easy ACL based way to get jails to talk with each other e.g with sockets and related filters in the 127.0.0.0/8 ip range. Without having deep insights in the

Re: NAT Reflection rules for FreeBSD PF

2016-11-15 Thread Big Lebowski
On Tue, Nov 15, 2016 at 1:26 PM, Oliver Peter wrote: > On Tue, Nov 15, 2016 at 01:03:54PM +, Big Lebowski wrote: > > On Tue, Nov 15, 2016 at 11:37 AM, Oliver Peter > wrote: > > > > > El duderino, > > > > > > On Mon, Nov 14, 2016 at 10:30:59PM +, Big Lebowski wrote: > > > > > > > > I am t

Re: NAT Reflection rules for FreeBSD PF

2016-11-15 Thread Oliver Peter
On Tue, Nov 15, 2016 at 01:03:54PM +, Big Lebowski wrote: > On Tue, Nov 15, 2016 at 11:37 AM, Oliver Peter wrote: > > > El duderino, > > > > On Mon, Nov 14, 2016 at 10:30:59PM +, Big Lebowski wrote: > > > > > > I am trying to set up a 11.0-R PF based NAT for group of jails that needs > >

Re: NAT Reflection rules for FreeBSD PF

2016-11-15 Thread Big Lebowski
On Tue, Nov 15, 2016 at 11:37 AM, Oliver Peter wrote: > El duderino, > > On Mon, Nov 14, 2016 at 10:30:59PM +, Big Lebowski wrote: > > > > I am trying to set up a 11.0-R PF based NAT for group of jails that needs > > to be able to talk to services on other jails, just as if they'd be > client

Re: NAT Reflection rules for FreeBSD PF

2016-11-15 Thread Oliver Peter
El duderino, On Mon, Nov 14, 2016 at 10:30:59PM +, Big Lebowski wrote: > > I am trying to set up a 11.0-R PF based NAT for group of jails that needs > to be able to talk to services on other jails, just as if they'd be clients > from outside of the network. Apparently, this is called 'NAT ref

NAT Reflection rules for FreeBSD PF

2016-11-14 Thread Big Lebowski
Hi, I am trying to set up a 11.0-R PF based NAT for group of jails that needs to be able to talk to services on other jails, just as if they'd be clients from outside of the network. Apparently, this is called 'NAT reflection' and I was able to find examples for OpenBSD PF here: https://www.openbs