Proxy arp.

ansible/roles/firewall/files/mrmanager_pf.conf

@@ -2,6 +2,7 @@ ext_if = "lagg0"
 not_ext_if = "{ !lagg0 }"
 jail_nat_v4 = "{ 10.215.1.0/24 }"
 not_jail_nat_v4 = "{ any, !10.215.1.0/24 }"
+pub_k8s = "{ 74.80.180.136/29, !74.80.180.138 }"
 
 dhcp = "{ bootpc, bootps }"
 allow = "{ colo }"
@@ -30,9 +31,11 @@ block log all
 pass out on $ext_if
 
 # Single interface kubernetes cluster is working with the following run on mrmanager:
-#   doas route add -host 74.80.180.139 -int jail_nat
+#   doas route add -host 74.80.180.139 -interface jail_nat
+#   doas sysctl net.link.ether.inet.proxyall=1
 # Plus this in pf.conf:
 #   pass quick from any to 74.80.180.139
+pass quick from any to $pub_k8s
 
 pass in on jail_nat
 # Allow traffic from my machine to the jails/virtual machines