From owner-freebsd-questions@freebsd.org  Sun Nov 11 10:34:43 2018
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 628C111341E4;
 Sun, 11 Nov 2018 10:34:43 +0000 (UTC)
 (envelope-from srs0=68bu=nw=sigsegv.be=kristof@codepro.be)
Received: from venus.codepro.be (venus.codepro.be [IPv6:2a01:4f8:162:1127::2])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
 bits)) (Client CN "smtp.codepro.be",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4F4707A0FF;
 Sun, 11 Nov 2018 10:34:42 +0000 (UTC)
 (envelope-from srs0=68bu=nw=sigsegv.be=kristof@codepro.be)
Received: from [10.0.2.193]
 (ptr-8rh08k1bb0ysptp17k8.18120a2.ip6.access.telenet.be
 [IPv6:2a02:1811:240e:402:d5a0:1ec:f70f:b988])
 (Authenticated sender: kp)
 by venus.codepro.be (Postfix) with ESMTPSA id B8FF97724;
 Sun, 11 Nov 2018 11:34:39 +0100 (CET)
From: "Kristof Provost" <kristof@sigsegv.be>
To: "Ernie Luzar" <luzar722@gmail.com>
Cc: freebsd-questions@freebsd.org, freebsd-jail@freebsd.org
Subject: Re: 12.0-beta3 pf firewall NAT rule syntax for vnet jail using pf
Date: Sun, 11 Nov 2018 11:33:45 +0100
X-Mailer: MailMate (2.0BETAr6126)
Message-ID: <CE5DE9B5-C24A-435A-83FE-080F9418EFFD@sigsegv.be>
In-Reply-To: <5BE5CE9D.9030503@gmail.com>
References: <5BE5CE9D.9030503@gmail.com>
MIME-Version: 1.0
X-Rspamd-Queue-Id: 4F4707A0FF
X-Spamd-Result: default: False [-4.28 / 200.00]; ARC_NA(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[];
 DMARC_POLICY_SOFTFAIL(0.10)[sigsegv.be : SPF not aligned (relaxed), No valid
 DKIM,none]; RCVD_TLS_ALL(0.00)[]; FROM_HAS_DN(0.00)[];
 RCPT_COUNT_THREE(0.00)[3];
 R_SPF_ALLOW(-0.20)[+ip6:2a01:4f8:162:1127::2];
 NEURAL_HAM_LONG(-1.00)[-1.000,0];
 MIME_GOOD(-0.10)[multipart/alternative,text/plain];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; TO_DN_SOME(0.00)[];
 TO_MATCH_ENVRCPT_SOME(0.00)[];
 RCVD_IN_DNSWL_MED(-0.20)[2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.2.1.1.2.6.1.0.8.f.4.0.1.0.a.2.list.dnswl.org
 : 127.0.9.2]; MX_GOOD(-0.01)[mx2.codepro.be,mx1.codepro.be];
 NEURAL_HAM_SHORT(-0.98)[-0.984,0];
 FORGED_SENDER(0.30)[kristof@sigsegv.be,srs0=68bu=nw=sigsegv.be=kristof@codepro.be];
 FREEMAIL_TO(0.00)[gmail.com]; R_DKIM_NA(0.00)[];
 IP_SCORE(-1.19)[ipnet: 2a01:4f8::/29(-2.92), asn: 24940(-3.00), country:
 DE(-0.02)]; 
 ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE];
 FROM_NEQ_ENVFROM(0.00)[kristof@sigsegv.be,srs0=68bu=nw=sigsegv.be=kristof@codepro.be];
 MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2]
X-Rspamd-Server: mx1.freebsd.org
Content-Type: text/plain; format=flowed
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Nov 2018 10:34:43 -0000

On 9 Nov 2018, at 19:14, Ernie Luzar wrote:
> Hello lists;
>
> testing 12.0-beta3 vnet jail that is using pf firewall.
> net.inet.ip.forwarding =1 for the vnet jail.
> Host is running ipfilter firewall.
> The kldload pf.ko pflog.ko command has been issued.
> 10.0.10.30 is the ip address assigned to the vnet jail in the 
> jail.conf.
> Using this nat rule
>
> nat on epair2b from 10.0.0.30/24 to any -> (vge0)
>
Is this rule set on the pf inside the jail?

> vge0 is the hosts interface facing the public internet and a member of 
> bridge2 along with member epair2a.
>
Is this bridge on the host, so outside the jail?

If so, how can the jail see the vge0 interface?

Best regards,
Kristof
From owner-freebsd-questions@freebsd.org  Sun Nov 11 13:26:19 2018
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9FAF61104B8D
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Sun, 11 Nov 2018 13:26:19 +0000 (UTC) (envelope-from freebsd@twc.com)
Received: from dnvrco-cmomta02.email.rr.com (dnvrco-outbound-snat.email.rr.com
 [107.14.73.228])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "Client", Issuer "CA" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 0EDC580900
 for <freebsd-questions@freebsd.org>; Sun, 11 Nov 2018 13:26:18 +0000 (UTC)
 (envelope-from freebsd@twc.com)
Received: from freebsd.friedrich.org ([74.132.25.214]) by cmsmtp with ESMTP
 id Lpi2gfGoIXEleLpi5gReKl; Sun, 11 Nov 2018 13:23:29 +0000
From: Steven Friedrich <FreeBSD@twc.com>
To: freebsd-questions@freebsd.org
Subject: sysctl
Date: Sun, 11 Nov 2018 08:23:26 -0500
Message-ID: <8667980.RH3biPoPvx@freebsd.friedrich.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
X-CMAE-Envelope: MS4wfMmFPH03UmKx3oTdnV5rAdHU6zcZQUbgfaTVoYpN+rpfGt2lcQ1ulZN1nzg2vOkPxFhaABuki/FBXBE2vw+jcEGKE1Ufbwxuu55PmOZOPviB7T3Fzp9B
 5tLwzkiERfN50PiDDyBuxKUfkS8ZfVS2FtrTwF5jVdP9fMZT80RwqkAsVQMaHfOBXW2IDkmES4D4vw==
X-Rspamd-Queue-Id: 0EDC580900
X-Spamd-Result: default: False [-1.62 / 200.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-0.79)[-0.790,0]; FROM_HAS_DN(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip4:107.14.73.0/24];
 FREEMAIL_FROM(0.00)[twc.com]; MIME_GOOD(-0.10)[text/plain];
 TO_DN_NONE(0.00)[]; DMARC_NA(0.00)[twc.com];
 RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.82)[-0.816,0];
 RCVD_TLS_LAST(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[];
 MX_GOOD(-0.01)[cached: dnvrco-cmedge02.email.rr.com];
 NEURAL_HAM_SHORT(-0.19)[-0.186,0];
 RCVD_IN_DNSWL_NONE(0.00)[228.73.14.107.list.dnswl.org : 127.0.5.0];
 IP_SCORE(-0.02)[country: US(-0.09)];
 RECEIVED_SPAMHAUS_PBL(0.00)[214.25.132.74.zen.spamhaus.org : 127.0.0.10];
 R_DKIM_NA(0.00)[]; CTE_CASE(0.50)[];
 ASN(0.00)[asn:7843, ipnet:107.14.73.0/24, country:US];
 RCVD_COUNT_TWO(0.00)[2]; FREEMAIL_ENVFROM(0.00)[twc.com];
 FROM_EQ_ENVFROM(0.00)[]
X-Rspamd-Server: mx1.freebsd.org
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Nov 2018 13:26:19 -0000

Kmail's pakg-message states two parameters must be increased:

        sysctl net.local.stream.recvspace=65536
        sysctl net.local.stream.sendspace=65536

Where do I put these so they occur each boot?

I tried adding the following to /boot/loader.conf:
net.local.stream.recvspace="65536"
net.local.stream.sendspace="65536"

But that didn't work.