Date: Sun, 11 Nov 2018 11:33:45 +0100 From: "Kristof Provost" <kristof@sigsegv.be> To: "Ernie Luzar" <luzar722@gmail.com> Cc: freebsd-questions@freebsd.org, freebsd-jail@freebsd.org Subject: Re: 12.0-beta3 pf firewall NAT rule syntax for vnet jail using pf Message-ID: <CE5DE9B5-C24A-435A-83FE-080F9418EFFD@sigsegv.be> In-Reply-To: <5BE5CE9D.9030503@gmail.com> References: <5BE5CE9D.9030503@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 9 Nov 2018, at 19:14, Ernie Luzar wrote: > Hello lists; > > testing 12.0-beta3 vnet jail that is using pf firewall. > net.inet.ip.forwarding =1 for the vnet jail. > Host is running ipfilter firewall. > The kldload pf.ko pflog.ko command has been issued. > 10.0.10.30 is the ip address assigned to the vnet jail in the > jail.conf. > Using this nat rule > > nat on epair2b from 10.0.0.30/24 to any -> (vge0) > Is this rule set on the pf inside the jail? > vge0 is the hosts interface facing the public internet and a member of > bridge2 along with member epair2a. > Is this bridge on the host, so outside the jail? If so, how can the jail see the vge0 interface? Best regards, Kristof From owner-freebsd-questions@freebsd.org Sun Nov 11 13:26:19 2018 Return-Path: <owner-freebsd-questions@freebsd.org> Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9FAF61104B8D for <freebsd-questions@mailman.ysv.freebsd.org>; Sun, 11 Nov 2018 13:26:19 +0000 (UTC) (envelope-from freebsd@twc.com) Received: from dnvrco-cmomta02.email.rr.com (dnvrco-outbound-snat.email.rr.com [107.14.73.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 0EDC580900 for <freebsd-questions@freebsd.org>; Sun, 11 Nov 2018 13:26:18 +0000 (UTC) (envelope-from freebsd@twc.com) Received: from freebsd.friedrich.org ([74.132.25.214]) by cmsmtp with ESMTP id Lpi2gfGoIXEleLpi5gReKl; Sun, 11 Nov 2018 13:23:29 +0000 From: Steven Friedrich <FreeBSD@twc.com> To: freebsd-questions@freebsd.org Subject: sysctl Date: Sun, 11 Nov 2018 08:23:26 -0500 Message-ID: <8667980.RH3biPoPvx@freebsd.friedrich.org> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" X-CMAE-Envelope: MS4wfMmFPH03UmKx3oTdnV5rAdHU6zcZQUbgfaTVoYpN+rpfGt2lcQ1ulZN1nzg2vOkPxFhaABuki/FBXBE2vw+jcEGKE1Ufbwxuu55PmOZOPviB7T3Fzp9B 5tLwzkiERfN50PiDDyBuxKUfkS8ZfVS2FtrTwF5jVdP9fMZT80RwqkAsVQMaHfOBXW2IDkmES4D4vw== X-Rspamd-Queue-Id: 0EDC580900 X-Spamd-Result: default: False [-1.62 / 200.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.79)[-0.790,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:107.14.73.0/24]; FREEMAIL_FROM(0.00)[twc.com]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; DMARC_NA(0.00)[twc.com]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.82)[-0.816,0]; RCVD_TLS_LAST(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MX_GOOD(-0.01)[cached: dnvrco-cmedge02.email.rr.com]; NEURAL_HAM_SHORT(-0.19)[-0.186,0]; RCVD_IN_DNSWL_NONE(0.00)[228.73.14.107.list.dnswl.org : 127.0.5.0]; IP_SCORE(-0.02)[country: US(-0.09)]; RECEIVED_SPAMHAUS_PBL(0.00)[214.25.132.74.zen.spamhaus.org : 127.0.0.10]; R_DKIM_NA(0.00)[]; CTE_CASE(0.50)[]; ASN(0.00)[asn:7843, ipnet:107.14.73.0/24, country:US]; RCVD_COUNT_TWO(0.00)[2]; FREEMAIL_ENVFROM(0.00)[twc.com]; FROM_EQ_ENVFROM(0.00)[] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions <freebsd-questions.freebsd.org> List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>; List-Post: <mailto:freebsd-questions@freebsd.org> List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help> List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, <mailto:freebsd-questions-request@freebsd.org?subject=subscribe> X-List-Received-Date: Sun, 11 Nov 2018 13:26:19 -0000 Kmail's pakg-message states two parameters must be increased: sysctl net.local.stream.recvspace=65536 sysctl net.local.stream.sendspace=65536 Where do I put these so they occur each boot? I tried adding the following to /boot/loader.conf: net.local.stream.recvspace="65536" net.local.stream.sendspace="65536" But that didn't work.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CE5DE9B5-C24A-435A-83FE-080F9418EFFD>