Date: Sun, 30 Nov 2014 15:46:13 -0800
From: Sean Bruno <sbruno@ignoranthack.me>
To: freebsd-net@freebsd.org
Subject: pf(4) changes recently?
Message-ID: <547BAC45.4050706@ignoranthack.me>
I use pf and jails on a host to redirect port 80 to the correct jail. I only use 1 routable IP and have been running this configuration for over a year now.

I run nginx in jailA (10.0.0.2) and have it capture port 80 requests and forward them to either jailB (10.0.0.3) or jailC (10.0.0.4) based on hostname in the HTTP request.

Recently (last 3 months), pf has started blocking the ability of jailA to send these requests to the other two jails and I don't know why. My nginx config and pf.conf are unchanged.

When I enter jailA and attempt to telnet to jailB port 80, I get rejected. So, I assume something is wrong with my current pf implementation.

pf.conf:
----------------------------------------------------------------------
jailA_if = "lo1"
JailAnet = $jailA_if:network
jailB_if = "lo2"
jailBnet = $jailB_if:network
jailC_if = "lo3"
jailCnet = $jailC_if:network

jailA="10.0.0.2"
jailB="10.0.0.3"
jailC="10.0.0.4"

#NAT
nat on $ext_if from $jailAnet to any -> ($ext_if)
nat on $ext_if from $jailBnet to any -> ($ext_if)
nat on $ext_if from $jailCnet to any -> ($ext_if)

# Redirect 80
rdr pass on $ext_if inet proto tcp to port http -> $jailA port http
----------------------------------------------------------------------