From bb41cb6a969b3e0b54782f4e10e4a411341d6549 Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Mon, 5 Jun 2023 16:39:12 -0400
Subject: [PATCH] Also handle internal connections to port 6443.
---
 ansible/roles/firewall/files/mrmanager_pf.conf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/ansible/roles/firewall/files/mrmanager_pf.conf b/ansible/roles/firewall/files/mrmanager_pf.conf
index fdd7e3e..b6acf8b 100644
--- a/ansible/roles/firewall/files/mrmanager_pf.conf
+++ b/ansible/roles/firewall/files/mrmanager_pf.conf
@@ -20,7 +20,9 @@ nat pass on $not_ext_if inet from $jail_nat_v4 to 10.215.1.1 port 53 -> ($ext_if
 rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 1.1.1.1 port 53
 rdr pass on $ext_if inet proto tcp from $not_jail_nat_v4 to any port 6443 -> 10.215.1.204 port 6443
-nat pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.204 port 6443 -> (jail_nat)
+rdr pass on jail_nat inet proto tcp from $jail_nat_v4 to any port 6443 -> 10.215.1.204 port 6443
+nat pass on $not_ext_if proto {tcp, udp} from $not_jail_nat_v4 to 10.215.1.204 port 6443 -> (jail_nat)
+nat pass on $not_ext_if proto {tcp, udp} from $jail_nat_v4 to 10.215.1.204 port 6443 -> (jail_nat)
 # filtering