All,
I have a few questions. My home system is using a bridge for various reasons, mostly to enable my VMs in bhyve to access the outside world through tap0.
My rc.conf and pf.conf are below. When I use this setup, my VMs can connect out and receive addresses on the network. When I reboot, however, my network does not come up and I have to set the address on the bridge manually. Further, for whatever reason I am unable to connect to services such as samba running in jails, whereas without the bridge I can connect just fine.
Any help would be greatly appreciated.
Thanks,
rc.conf:
Code:
iocage_enable="YES"
hostname="giraffe"
sendmail_enable="NONE"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
gateway_enable="yes"
cloned_interfaces="lo1 tap0 bridge0"
ipv4_addrs_lo1="192.168.0.1-9/29"
ifconfig_igb0="up"
# tap0 (the bhyve side) is the second member; a bridge cannot add itself,
# and ifconfig stops at a failed "addm", so the "inet ..." after it is skipped
ifconfig_bridge0="addm igb0 addm tap0 inet 10.21.96.200 netmask 0xffffff00 up"
defaultrouter="10.21.96.254"
sshd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
zfs_enable="YES"
syslogd_flags="-c -ss"
pf_enable="YES"
pflog_enable="YES"
pf.conf:
Code:
if="bridge0"
addr="10.21.96.200"
samba_addr="192.168.0.2"
dlna_addr="192.168.0.3"
unbound_addr="192.168.0.4"
#port groupings
tcp_services="{53 netbios-ns netbios-dgm netbios-ssn microsoft-ds 22}"
udp_services="{53 netbios-ns netbios-dgm netbios-ssn microsoft-ds}"
samba_services="{netbios-dgm netbios-ns netbios-ssn microsoft-ds}"
set skip on lo
set loginterface $if
scrub in all
#allow jails through
nat on $if inet from $samba_addr to any tag jail_samba -> $addr
nat on $if inet from $dlna_addr to any tag jail_dlna -> $addr
nat on $if inet from $unbound_addr to any tag jail_unbound -> $addr
#portforward to jails.
#unbound
rdr pass on $if proto tcp from any to any port 53 -> $unbound_addr
rdr pass on $if proto udp from any to any port 53 -> $unbound_addr
#samba
rdr pass on $if proto tcp from any to any port $samba_services -> $samba_addr
rdr pass on $if proto udp from any to any port $samba_services -> $samba_addr
#rules
pass quick on lo1
pass from $if to any keep state
#default policy: deny
antispoof quick for { $if lo }
block in all
#accept TCP ports.
pass in on $if proto tcp from any to any port $tcp_services
pass in on $if proto tcp from any to any port 4000
pass in on $if proto udp from any to any port $udp_services
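A small pre-reboot check for the rc.conf bridge stanza discussed above, added here as an example and not part of the original post. It parses the `ifconfig_bridge0` line, flags a bridge that lists itself as a member and members or cloned interfaces with no `ifconfig_` line, and runs against a constructed copy of the posted stanza plus a corrected one; the `check_bridge_rc` name and the temp files are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check a bridge stanza in
# an rc.conf before rebooting. A bridge that adds itself makes ifconfig exit
# on the failed "addm", so the "inet ..." later on the same line is never
# applied; members and cloned interfaces without an ifconfig_ line may stay
# down. Prints one finding per line; returns 1 if any finding, else 0.
check_bridge_rc() {
    rcfile="$1"; bridge="$2"; rc=0
    # Value between the quotes of the first ifconfig_<bridge>="..." line.
    line=$(sed -n "s/^ifconfig_${bridge}=\"\(.*\)\"/\1/p" "$rcfile" | head -n 1)
    if [ -z "$line" ]; then
        echo "no ifconfig_${bridge} line in $rcfile"
        return 1
    fi
    # Members are the words that follow each "addm".
    members=$(printf '%s\n' "$line" | awk '{for (i = 1; i < NF; i++) if ($i == "addm") print $(i+1)}')
    for m in $members; do
        if [ "$m" = "$bridge" ]; then
            echo "$bridge adds itself as a member; later arguments on that line are never applied"
            rc=1
        elif ! grep -Eq "^ifconfig_${m}=" "$rcfile"; then
            echo "member $m has no ifconfig_${m} line, so it may stay down"
            rc=1
        fi
    done
    # Cloned interfaces that are neither bridge members nor configured at all.
    for c in $(sed -n 's/^cloned_interfaces="\(.*\)"/\1/p' "$rcfile"); do
        [ "$c" = "$bridge" ] && continue
        case " $members " in *" $c "*) continue ;; esac
        if ! grep -Eq "^(ifconfig|ipv4_addrs)_${c}=" "$rcfile"; then
            echo "cloned interface $c is neither a $bridge member nor configured"
            rc=1
        fi
    done
    return $rc
}

# Constructed samples: the stanza as posted, and the same stanza with tap0
# (the interface the VMs use) as the second member and brought up.
BAD_RC=$(mktemp); GOOD_RC=$(mktemp)
cat >"$BAD_RC" <<'EOF'
cloned_interfaces="lo1 tap0 bridge0"
ipv4_addrs_lo1="192.168.0.1-9/29"
ifconfig_igb0="up"
ifconfig_bridge0="addm igb0 addm bridge0 inet 10.21.96.200 netmask 0xffffff00 up"
EOF
sed 's/addm bridge0/addm tap0/' "$BAD_RC" >"$GOOD_RC"
printf 'ifconfig_tap0="up"\n' >>"$GOOD_RC"

check_bridge_rc "$BAD_RC" bridge0 || echo "-> fix the stanza before rebooting"
check_bridge_rc "$GOOD_RC" bridge0 && echo "-> stanza looks sane"
```

With the FreeBSD default of net.link.bridge.pfil_member=1, pf also evaluates packets on the member interface igb0 itself, so rules written only for $if=bridge0 do not cover them; that is worth checking alongside the rc.conf findings when a jail service is unreachable only with the bridge in place.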