From cbff4e326d8db9e8cdbd2c14302c6f607b92a6f0 Mon Sep 17 00:00:00 2001 From: yaazkal Date: Fri, 18 Sep 2020 17:53:05 -0500 Subject: [PATCH] Update README.md clarifying pf config example Change the pf.conf example in order to prevent issues (jails not allowed to access internet correctly) when the network interface has IP aliases. Many thanks to @cedwards and @chriswells0 for the hints. --- README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 49b0482b..ebbf7f0c 100644 --- a/README.md +++ b/README.md @@ -121,7 +121,7 @@ scrub in on $ext_if all fragment reassemble set skip on lo table persist -nat on $ext_if from to any -> ($ext_if) +nat on $ext_if from to any -> ($ext_if:0) ## static rdr example # rdr pass inet proto tcp from any to any port {80, 443} -> 10.17.89.45 @@ -141,6 +141,9 @@ pass in inet proto tcp from any to any port ssh flags S/SA keep state ``` * Make sure to change the `ext_if` variable to match your host system interface. +* Note that if multiple interface aliases are in place, the index `($ext_if:0)` +can be changed accordingly; so if you want to send traffic out the second IP alias +of the interface, change the value to `($ext_if:1)` and so on. * Make sure to include the last line (`port ssh`) or you'll end up locked out of a remote system. @@ -149,7 +152,7 @@ containers are: ``` table persist -nat on $ext_if from to any -> ($ext_if) +nat on $ext_if from to any -> ($ext_if:0) ## rdr example ## rdr pass inet proto tcp from any to any port {80, 443} -> 10.17.89.45