From 310fea89aea7eee841c04169c8dce8891c6e0753 Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Tue, 20 Jun 2023 02:11:46 -0400
Subject: [PATCH] Fix internal access to DNS server.
---
 ansible/roles/firewall/files/mrmanager_pf.conf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/ansible/roles/firewall/files/mrmanager_pf.conf b/ansible/roles/firewall/files/mrmanager_pf.conf
index fe38ea6..350a3a8 100644
--- a/ansible/roles/firewall/files/mrmanager_pf.conf
+++ b/ansible/roles/firewall/files/mrmanager_pf.conf
@@ -31,6 +31,7 @@ rdr pass on jail_nat inet proto tcp from $jail_nat_v4 to $not_jail_nat_v4 port 6
 # nat pass on $not_ext_if proto {tcp, udp} from $jail_nat_v4 to 10.215.1.210 port 65099 -> (lagg0)
 rdr pass inet proto {tcp, udp} from any to ($ext_if) port 53 -> 10.215.1.211 port 53
+nat pass on jail_nat proto {tcp, udp} from { 10.215.1.0/24, !10.215.1.1 } to 10.215.1.211 -> (jail_nat)
 # filtering
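Review bot: The source list `{ 10.215.1.0/24, !10.215.1.1 }` on the added `nat pass` line most likely does not mean "the /24 except .1". pf expands a braced list into one rule per item, so this becomes one rule for `10.215.1.0/24` and a second for `!10.215.1.1`, and together they match every source address on jail_nat; pf.conf(5) warns about negation inside lists and recommends a table. The rule also has no `port 53`, and because `nat pass` skips the filter rules, all TCP and UDP traffic to 10.215.1.211 is translated and passed, which is broader than the DNS access the subject line describes. I would define a table alongside the file's other definitions (outside this hunk), for example `table <dns_hairpin_src> const { 10.215.1.0/24, !10.215.1.1 }` (the table name is my own example), and change the rule to `nat pass on jail_nat proto {tcp, udp} from <dns_hairpin_src> to 10.215.1.211 port 53 -> (jail_nat)`. Checking the loaded result with `pfctl -s nat` would confirm how the current line expanded.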