PF and Jails Question

So, I am in search of an explanation as to why the following rule works for my FreeBSD 13.1-RELEASE machine with several jails. I have the jails set up on their own loopback interface (lo1) as well as internal IPs on re0.

lo0:
...
inet 127.0.0.1 netmask 0xff000000
...

lo1:
...
inet 127.0.1.2 netmask 0xffffffff
inet 127.0.1.6 netmask 0xffffffff
inet 127.0.1.4 netmask 0xffffffff
inet 127.0.1.5 netmask 0xffffffff
...

re0:
...
inet 192.168.254.134 netmask 0xffffff00 broadcast 192.168.254.255
inet 192.168.254.41 netmask 0xffffffff broadcast 192.168.254.41
inet 192.168.254.45 netmask 0xffffffff broadcast 192.168.254.45
inet 192.168.254.43 netmask 0xffffffff broadcast 192.168.254.43
inet 192.168.254.44 netmask 0xffffffff broadcast 192.168.254.44
...

Here is the PF rule which allowed me to access all jails, from 192.168.254.134, which is on the same machine as the jails:
Code:
pass in on lo from re0 to any
I have also been able to replace "any" in the above rule with the /etc/hosts name of each jail and it works. I am happy, but I am also very curious as to why this works.
 