Hello,
I have an interesting misconfiguration that I could use some insight on. I have a 'turn' service inside of a jail and used a PF rule to send any ports within a certain range to that jail. Unfortunately, this appears to have an impact on the jail host performing certain actions like portsnap fetch.
Is there any way to update the below pf.conf rules to allow the host to use those external ports if it generates the request? Or am I thinking about this wrong? I'll apologize in advance for any misuse of terminology. I still feel like a BSD noob.
Code:
# Public IP address
IP_PUB="192.168.50.104"
# Packet normalization
scrub in all
# Allow outbound connections from within the jails
nat on igb0 from lo1:network to any -> (igb0)
# turn jail at lo1:192.168.0.7
rdr on igb0 proto { tcp udp } from any to $IP_PUB port 49152:65535 -> 192.168.0.7 port 49152:65535
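One way to keep the host's own connections out of the redirect, added here as an example and not part of the original post: pf looks a packet up in the state table before it evaluates translation rules, so if the host's outbound traffic creates state, the replies that come back to $IP_PUB on an ephemeral source port inside 49152:65535 are accepted by that state and never reach the rdr. The interface and address names are taken from the post; the stateful pass rules are the assumed fix.

```pf
# Public IP address
IP_PUB="192.168.50.104"
# turn jail at lo1:192.168.0.7 and the TURN relay port range (from the post)
TURN_JAIL="192.168.0.7"
TURN_RELAY="49152:65535"

# Packet normalization
scrub in all

# Allow outbound connections from within the jails
nat on igb0 from lo1:network to any -> (igb0)

# Unchanged rdr: only packets that do NOT already match a state entry are
# evaluated against translation rules, so host-initiated connections that
# are tracked by the stateful rules below are never redirected here.
rdr on igb0 proto { tcp udp } from any to $IP_PUB port $TURN_RELAY -> $TURN_JAIL port $TURN_RELAY

# Stateful outbound rules (assumed fix). The host's outbound connections,
# e.g. portsnap fetch, create state; their replies arrive at $IP_PUB with a
# destination port equal to the host's ephemeral source port, which may lie
# inside 49152:65535, and are matched by state instead of by the rdr.
pass out quick on igb0 from (igb0) to any keep state
pass out quick on igb0 from lo1:network to any keep state

# Inbound relay traffic for the jail; after rdr the destination is already
# the jail address, so the filter rule matches on $TURN_JAIL.
pass in on igb0 proto { tcp udp } from any to $TURN_JAIL port $TURN_RELAY keep state
```

Because pf passes anything no rule matches, adding these rules does not block traffic the original configuration allowed. A complementary option is to keep the host's ephemeral ports below the relay range with sysctl net.inet.ip.portrange.last=49151, so even stateless traffic cannot collide with it.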