Set up the nat_dhcp jail for mrmanager.

ansible/roles/devfs/files/mrmanager_devfs.rules

@@ -0,0 +1,5 @@
+[tajaildhcp=14]
+add include $devfsrules_hide_all
+add include $devfsrules_unhide_basic
+add include $devfsrules_unhide_login
+add path 'bpf*' unhide

ansible/roles/firewall/files/mrmanager_pf.conf

@@ -1,4 +1,5 @@
 ext_if = "lagg0"
+not_ext_if = "{ !lagg0 }"
 jail_nat_v4 = "{ 10.215.1.0/24 }"
 not_jail_nat_v4 = "{ any, !10.215.1.0/24 }"
 
@@ -14,8 +15,9 @@ udp_pass_in = "{ 53 51820 51821 51822 }"
 set skip on lo
 
 # redirections
-nat pass on $ext_if inet from $jail_nat_v4 to $not_jail_nat_v4 -> ($ext_if)
-rdr pass on !$ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 1.1.1.1 port 53
+nat pass on lagg0 inet from $jail_nat_v4 to $not_jail_nat_v4 -> (lagg0)
+nat pass on $not_ext_if inet from $jail_nat_v4 to 10.215.1.1 port 53 -> ($ext_if)
+rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 1.1.1.1 port 53
 
 # filtering
 block log all

ansible/roles/network/files/mrmanager_routing.conf

@@ -1 +1,3 @@
 defaultrouter="74.80.180.137"
+gateway_enable="YES"
+ipv6_gateway_enable="YES"