Hello,
I have trouble setting up pf.conf so that from inside a jail I can access my VPN network.
I'm using Bastille and I have something like this in the pf.conf file:
Code:
bastille_if="bastille0"
ext_if="vtnet0"
vpn_if="tun1"
my_jail_addr=10.10.2.30
my_vpn_addr=10.15.1.1
set skip on lo
#set block-policy return
# 2. tables
table <jails> persist
# 3. options
# 4. packet normalization
scrub in # recommended to reassemble all fragments (absolute freebsd book)
# 5. bandwidth management
# 6. translation
nat on $ext_if from <jails> to any -> $ext_if
nat on $ext_if from $my_jail_addr to any -> $ext_if
nat on $vpn_if from <jails> to 10.15.1.0/24 -> $vpn_if # allow vpn connections from jails
The last line seems problematic. If I comment it, I can normally curl to the internet from within the jails, but not the VPN. If I uncomment it, I can't seem to access anything from inside the jails.
Posting this question because I couldn't find anything useful on the web.
Would appreciate some help.
Best,
P.