I used OpenBSD as a router for a while; I'm using FreeBSD now. I can't seem to filter packets from a NATed jail to my LAN. I don't know if OpenBSD has jails, but I wonder if it would work under OpenBSD. I don't want packets getting from the 10.0.0.1 jail to my 192.168.0.0/24 network. But the jail has to access the internet. If someone could send me a pf.conf for that I would appreciate it.
Ah, that's super easy, have you ever even tried to read the docs? If 10.0.0.1 is a gateway that people are NAT'd behind, something like
block in from 10.0.0.1 to 192.168.0.0/24
in pf.conf, done. pfctl -n -f /etc/pf.conf to check that the grammar is correct, and pfctl -F rules -f /etc/pf.conf to reload the rules. If you mean you need to set up the OpenBSD box to *do* NATing, it's still pretty simple. All it takes is a quick look at the PF documentation.
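A pf.conf for the setup described in the question, as an added example that is not part of either post. It uses the FreeBSD-style `nat on` translation syntax; the interface name `em0` is an assumption, and the addresses are the ones given in the question.

```pf
# Added example, not from the thread. FreeBSD pf syntax (separate nat rules).
ext_if  = "em0"              # assumed: interface that leads to the internet
jail_ip = "10.0.0.1"         # jail address from the question
lan_net = "192.168.0.0/24"   # LAN from the question

# --- translation rules (must come before filter rules) ---

# Translation is applied before filtering, so on the way out the filter
# rules see the translated source address. If the LAN is reached through
# $ext_if, exempt jail-to-LAN traffic from NAT so the block rule below
# still sees 10.0.0.1 as the source.
no nat on $ext_if inet from $jail_ip to $lan_net

# Everything else from the jail is NATed to the external address.
nat on $ext_if inet from $jail_ip to any -> ($ext_if)

# --- filter rules ---

# No direction keyword, so the rule matches whether pf sees the packet
# inbound or outbound. "quick" stops evaluation here, so no later pass
# rule can re-allow the traffic.
block drop quick inet from $jail_ip to $lan_net

# No default block is set, so pf's implicit pass lets the jail reach
# everything that is not the LAN.
```

Check the file with `pfctl -n -f /etc/pf.conf` before loading it, as the reply describes.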
OpenBSD pf (Score:0)
Re:OpenBSD pf (Score:3, Informative)