Re: pf NAT and VNET Jails

On Tue, Nov 10, 2015 at 1:28 PM, Kristof Provost wrote: > On 2015-11-09 21:47:01 (-0500), Shawn Webb wrote: >> I found the problem: it seems that the new Intel Haswell graphics >> support (which I've been running with) is at odds somehow with pf NAT.

Re: pf NAT and VNET Jails

On 2015-11-09 21:47:01 (-0500), Shawn Webb wrote: > I found the problem: it seems that the new Intel Haswell graphics > support (which I've been running with) is at odds somehow with pf NAT. > Removing Haswell graphics support means working pf NAT. > That's ... very

Re: pf NAT and VNET Jails

On Tue, Nov 10, 2015 at 01:45:21PM -0800, NGie Cooper wrote: > On Tue, Nov 10, 2015 at 1:28 PM, Kristof Provost wrote: > > On 2015-11-09 21:47:01 (-0500), Shawn Webb > > wrote: > >> I found the problem: it seems that the new Intel Haswell graphics >

Re: pf NAT and VNET Jails

On Thursday, 05 November 2015 11:45:25 PM Kristof Provost wrote: > > On 05 Nov 2015, at 17:25, Shawn Webb wrote: > > I've figured it out. I've removed all rules and went with a barebones > > config. > > > > Right now, the laptop I'm using for NAT has an outbound

Re: pf NAT and VNET Jails

On Mon, Nov 09, 2015 at 08:18:32AM -0500, Shawn Webb wrote: > I'm using iocage for jailing. > > It's now looking like pf is back to being broken for me. I've tried every > combination possible, even hardcoding the values: > > nat on wlan0 from {192.168.6.0/24, 192.168.7.0/24} to any ->

Re: pf NAT and VNET Jails

On Tuesday, 03 November 2015 12:44:19 AM Kristof Provost wrote: > > On 02 Nov 2015, at 15:07, Shawn Webb wrote: > > > > On Monday, 02 November 2015 02:59:03 PM Kristof Provost wrote: > >> Can you add your pf.conf too? > >> > >> I’ll try upgrading my machine to

Re: pf NAT and VNET Jails

> On 05 Nov 2015, at 17:25, Shawn Webb wrote: > I've figured it out. I've removed all rules and went with a barebones config. > > Right now, the laptop I'm using for NAT has an outbound interface of wlan0 > with an IP of 129.6.251.181 (from DHCP). The following line

Re: pf NAT and VNET Jails

On Sunday, 01 November 2015 07:16:34 AM Julian Elischer wrote: > On 11/1/15 2:50 AM, Shawn Webb wrote: > > I'm at r290228 on amd64. I'm not sure which revision I was on last when it > > last worked, but it seems VNET jails aren't working anymore. > > > > I've got a bridge, bridge1, with an IP of

Re: pf NAT and VNET Jails

On Monday, 02 November 2015 02:59:03 PM Kristof Provost wrote: > > On 02 Nov 2015, at 14:47, Shawn Webb wrote: > > > > On Sunday, 01 November 2015 07:16:34 AM Julian Elischer wrote: > >> On 11/1/15 2:50 AM, Shawn Webb wrote: > >>> I'm at r290228 on amd64. I'm not sure

Re: pf NAT and VNET Jails

> On 02 Nov 2015, at 14:47, Shawn Webb wrote: > > On Sunday, 01 November 2015 07:16:34 AM Julian Elischer wrote: >> On 11/1/15 2:50 AM, Shawn Webb wrote: >>> I'm at r290228 on amd64. I'm not sure which revision I was on last when it >>> last worked, but it seems VNET

Re: pf NAT and VNET Jails

> On 02 Nov 2015, at 15:07, Shawn Webb wrote: > > On Monday, 02 November 2015 02:59:03 PM Kristof Provost wrote: >> >> Can you add your pf.conf too? >> >> I’ll try upgrading my machine to something beyond 290228 to see if I can >> reproduce it. It’s on r289635 now,

pf NAT and VNET Jails

I'm at r290228 on amd64. I'm not sure which revision I was on last when it last worked, but it seems VNET jails aren't working anymore. I've got a bridge, bridge1, with an IP of 192.168.7.1. The VNET jails set their default route to 192.168.7.1. The host simply NATs outbound from 192.168.7.0/24

Re: pf NAT and VNET Jails

On 11/1/15 2:50 AM, Shawn Webb wrote: I'm at r290228 on amd64. I'm not sure which revision I was on last when it last worked, but it seems VNET jails aren't working anymore. I've got a bridge, bridge1, with an IP of 192.168.7.1. The VNET jails set their default route to 192.168.7.1. The host