PF rule for NAT on vnat0. Finally I have real networking in virtual machines
parent
9aeedb1950
commit
afff9fafda
1 changed files with 13 additions and 0 deletions
13
pf.conf
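--- a/pf.conf
+++ b/pf.conf
@@ -4,10 +4,23 @@ set block-policy return
 set fingerprints "/etc/pf.os"
 # definitions
 pf_strict = "{ re0 wlan0 ue0 }"
+ext_ifs = "{ re0 wlan0 ue0 }"
+
+vm_if = "vnat0"
+vm_net = "10.0.0.0/24"
+
 table <goonlan> const { 192.168.100.0/24, 192.168.184.0/24, 192.168.55.0/24 }
 icmp_types = "{ 0, 3, 4, 8, 11, 12 }"
 # base rules
 set skip on lo0
+
+# translation
+## VM networking
+nat on re0 from $vm_if:network to any -> (re0)
+nat on wlan0 from $vm_if:network to any -> (wlan0)
+nat on ue0 from $vm_if:network to any -> (ue0)
+
+# filter
 ## allow any outgoing traffic
 pass out on pf_strict from any to any
 ## allow ICMP pings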
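Review bot: The three `nat` rules take their source from `$vm_if:network`, which pfctl resolves once when the ruleset is loaded; if vnat0 does not exist yet or has no address at that point (for instance at boot, should the VM interface be created after pf starts), the load can fail and the host is left without this ruleset. The `vm_net` macro added in the same hunk is never used, so either write `nat on re0 from $vm_net to any -> (re0)` (and the same for wlan0 and ue0) or use the dynamic form `($vm_if:network)`. Nothing visible here limits what the translated VM traffic may reach, including the `<goonlan>` networks; the filter section continues outside the hunk, so confirm it has an explicit rule for traffic entering on `$vm_if`. `ext_ifs` duplicates `pf_strict` and is also unused in the visible lines.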