From 6e18f5bc944c8505cf05374cc3498fc48ae438ac Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Sat, 17 Jun 2023 00:25:28 -0400
Subject: [PATCH] Add notes about single-interface kubernetes cluster.
---
 ansible/roles/firewall/files/mrmanager_pf.conf | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/ansible/roles/firewall/files/mrmanager_pf.conf b/ansible/roles/firewall/files/mrmanager_pf.conf
index b6acf8b..2c99de9 100644
--- a/ansible/roles/firewall/files/mrmanager_pf.conf
+++ b/ansible/roles/firewall/files/mrmanager_pf.conf
@@ -29,6 +29,11 @@ nat pass on $not_ext_if proto {tcp, udp} from $jail_nat_v4 to 10.215.1.204 port
 block log all
 pass out on $ext_if
+# Single interface kubernetes cluster is working with the following run on mrmanager:
+# doas route add -host 74.80.180.139 -int jail_nat
+# Plus this in pf.conf:
+# pass quick from any to 74.80.180.139
+
 pass in on jail_nat
 # Allow traffic from my machine to the jails/virtual machines
 pass out on jail_nat from $jail_nat_v4
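Review bot: The rule recorded in the new comment, `pass quick from any to 74.80.180.139`, has no interface, direction, protocol or port, and `quick` stops evaluation, so if someone later uncomments it verbatim it overrides every rule that follows it for traffic to that address. I would record the narrowest form that worked instead, for example `# pass quick on jail_nat proto tcp from $jail_nat_v4 to 74.80.180.139 port <PORT>`, where the protocol and port are placeholders to fill in from what the cluster needs. The note should also say that the `doas route add` step is a manual runtime change that, as far as this hunk shows, is not applied by the role and will not survive a reboot. Putting the address in a macro alongside `$jail_nat_v4` would keep the route note and the rule note from drifting apart.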