diff --git a/ansible/roles/firewall/files/odofreebsd_pf.conf b/ansible/roles/firewall/files/odofreebsd_pf.conf
index 95897f9..516cf16 100644
--- a/ansible/roles/firewall/files/odofreebsd_pf.conf
+++ b/ansible/roles/firewall/files/odofreebsd_pf.conf
@@ -19,6 +19,10 @@ set skip on lo
 nat pass on $ext_if inet from $jail_nat_v4 to $not_jail_nat_v4 -> (wlan0)
 rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 1.1.1.1 port 53
+# Redirect jaeger ports to virtual machine.
+# nat pass on lo inet from 127.0.0.0/24 to 127.0.0.0/24 port {6831 6832 16686 14268} -> (jail_nat)
+# rdr pass proto {tcp, udp} from jail_nat:network to 127.0.0.0/24 port {6831 6832 16686 14268} -> 10.215.1.201
+
 # filtering
 block log all
 pass out on $ext_if
@@ -31,7 +35,7 @@ pass out on jail_nat from jail_nat
 # them because changes to pass rules will update when running a
 # `service pf reload` but interfaces that we `skip` will not update (I
 # forget if its from adding, removing, or both. TODO: test to figure
-# it out)
+# it out). Also skipped interfaces are not subject to nat/rdr rules.
 pass quick on $allow
 pass on $ext_if proto icmp all
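Review bot: The two commented-out jaeger rules added in the first hunk do not say why they are disabled, and they would not be safe to simply uncomment later. With `set skip on lo` (shown in the hunk header) the `nat pass on lo` rule would never be evaluated, which is the same limitation the second hunk's comment now records. The `rdr pass` rule names no `on` interface and is scoped only by source address, and its `pass` keyword lets redirected packets through without being checked against the filter rules that follow `block log all`. I would add a line such as `# Disabled: lo is skipped, so nat/rdr never match there; scope with "on jail_nat" and add explicit pass rules before enabling.` Separately, 6831/6832 are Jaeger's UDP agent ports while 16686/14268 are HTTP over TCP, so `proto {tcp, udp}` across all four ports is wider than the service needs.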