12.0 betaX with vnet.pf

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

12.0 betaX with vnet.pf

Ernie Luzar
Hello lists:

With 12.0, vimage is now included with the system base kernel and the
pfctl program has been worked on so it will function in a vnet jail.

While 12.0 is still in the beta releases i am trying to test this new
environment. All ready found bug dealing with ipfilter running on host
with pf trying to be loaded. This bug is suppose to be fixed in beta3.

Having trouble setting up a vnet jail with pf firewall.

My setup =
host running pf with pass all and log all rules on the interface facing
the public internet.
vnet jail has complete directory tree.
pf is started by vnet jail's rc.conf pf option statements.
pf rules use macro containing the epair2b as interface name.
pflog needs devfs_ruleset to unhide pflog.
use bridge/epair for networking.
can ping 10.0.10.2 on host from vnet jail.

Having these problems
pf log inside of vnet jail not being populated
pf nat rule causing rule set error
can not ping public internet from vnet jail.
ftpproxy rule error.


Has anyone been able to get a 12.0 vnet/pf environment working?
Would anyone be willing to help me get my setup working?


_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[hidden email]"