Hi. I was using a NAT configuration because I use the wlan0 interface for internet on my PC, and it was working well until Bastille changed the pf.conf. I don't have much knowledge about firewalls.
I had this line in the pf configuration.
Code:
nat on wlan0 from {192.168.8.0/24} to any -> (wlan0)
Then Bastille updated the pf configuration like this.
Code:
# cat /etc/pf.conf
## generated by bastille setup
ext_if="wlan0"
set block-policy return
scrub in on $ext_if all fragment reassemble
set skip on lo
table <jails> persist
nat on $ext_if from <jails> to any -> ($ext_if:0)
rdr-anchor "rdr/*"
block in all
pass out quick keep state
antispoof for $ext_if inet
pass in inet proto tcp from any to any port ssh flags S/SA keep state
Then I added the missing line.
Code:
# cat /etc/pf.conf
## generated by bastille setup
ext_if="wlan0"
set block-policy return
scrub in on $ext_if all fragment reassemble
set skip on lo
table <jails> persist
nat on $ext_if from <jails> to any -> ($ext_if:0)
nat on wlan0 from {192.168.8.0/24} to any -> (wlan0)  # <----- the line I added
rdr-anchor "rdr/*"
block in all
pass out quick keep state
antispoof for $ext_if inet
pass in inet proto tcp from any to any port ssh flags S/SA keep state
But now there is no internet access on the Debian VM guest, which is not configured with DHCP; it uses a static address.
Here is my ifconfig.
Code:
re0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
	ether
	media: Ethernet autoselect (none)
	status: no carrier
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet 127.0.0.1 netmask 0xff000000
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
	groups: lo
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=0
	ether
	inet 192.168.1.xxx netmask 0xffffff00 broadcast 192.168.1.255
	inet6 prefixlen 64 scopeid 0x3
	inet6 prefixlen 64 autoconf
	groups: wlan
	ssid channel 36 (5180 MHz 11a ht/40+) bssid
	regdomain ETSI country TR indoor ecm authmode WPA2/802.11i privacy ON
	deftxkey UNDEF AES-CCM 3:128-bit txpower 17 bmiss 7 mcastrate 6
	mgmtrate 6 scanvalid 60 ampdulimit 64k ampdudensity 4 shortgi -uapsd
	wme burst roaming MANUAL
	parent interface: ath0
	media: IEEE 802.11 Wireless Ethernet MCS mode 11na
	status: associated
	nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
vm-public: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
	options=0
	ether f6:4b:98:11:f0:02
	inet 192.168.8.1 netmask 0xffffff00 broadcast 192.168.8.255
	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
	maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
	groups: bridge vm-switch viid-4c918@
	nd6 options=9<PERFORMNUD,IFDISABLED>
bastille0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet 10.31.69.1 netmask 0xffffff00
	inet6 fe80::1%bastille0 prefixlen 64 scopeid 0x5
	groups: lo
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
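
An added example, not part of the original post or of Bastille's generated output: in the generated ruleset `block in all` also applies to packets the guest sends into the host, and the only `pass in` rule is for ssh, so the guest network needs its own pass rule in addition to its nat line. The macros `vm_if` and `vm_net` are names introduced here, and the example assumes guest traffic enters the host on the `vm-public` bridge shown in the ifconfig output.

```conf
## Added example: Bastille's generated ruleset plus NAT and a scoped pass rule
## for the VM bridge. vm_if and vm_net are macro names introduced here.
ext_if="wlan0"
vm_if="vm-public"        # bridge from the ifconfig output (192.168.8.1/24)
vm_net="192.168.8.0/24"  # guest network from the original nat line

set block-policy return
scrub in on $ext_if all fragment reassemble
set skip on lo

table <jails> persist
nat on $ext_if from <jails> to any -> ($ext_if:0)
# Translation rules are first-match; guests are not in <jails>,
# so this second rule is the one that translates their traffic.
nat on $ext_if from $vm_net to any -> ($ext_if:0)
rdr-anchor "rdr/*"

block in all
pass out quick keep state
antispoof for $ext_if inet
pass in inet proto tcp from any to any port ssh flags S/SA keep state
# Filter rules are last-match: without the rule below, guest packets entering
# the host match only "block in all" (unless they are bound for port ssh).
# Scoping to the bridge and its subnet avoids opening inbound traffic on wlan0.
pass in on $vm_if inet from $vm_net to any keep state

# Check syntax without loading:  pfctl -nf /etc/pf.conf
# Load, then inspect:            pfctl -f /etc/pf.conf && pfctl -sn && pfctl -sr
```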