BSD jails / VMs can't make the jump from LAN to WAN
-
(I hope this belongs here and not in NAT, but I don't know)
I'm new to PF - I just bought one of the little ALIX appliances to replace my wifi-router. All the basic stuff works except one thing:
The plugin/jails on my FreeNAS box cannot connect out to the internet, even though I can access them fine from other machines on my LAN - so I know they are running properly and traffic is going through PF. I believe the problem is that FreeNAS is trying to assign the IPs to its jails, but it's not communicating with PF about it properly. PF does not show them on the DHCP leases page, and manually mapping them does not help.
The crazy thing is, my wifi-router (now just an AP) can see the jails with their FreeNAS-assigned IPs as well as all the other devices on it's attached devices page - the Netgear firmware is too limited to know that nothing is actually attached to it in AP mode. To be clear, this is just anecdotal, The FreeNAS box is attached to the PF box through a switch - the wifi router is not involved.
I have tried various firewall rules (both LAN and WAN) but cannot seem to crack it. I would hope that once PF can recognize the jails, everything would work out fine without any more to do than it took to get all physical devices to connect.
So, can anybody help me get my PF to recognize these jails?
-
I have the exact same issue. did you find a solution for this?
-
Steps to resolve the issue:
- create an alias with all the jail ip addresses
- create a floating rule with
- source: above alias
- port: *
- destination: wan net
- port: *
- gateway *
Everything works now. Not sure why this is needed, though…