===
rdr
===

`bastille rdr` allows you to configure dynamic rdr rules for your containers
without modifying pf.conf (assuming you are using the `bastille0` interface
for a private network and have enabled `rdr-anchor 'rdr/*'` in /etc/pf.conf
as described in the Networking section).

Note: you need to be careful if host services are configured to run
on all interfaces as this will include the jail interface - you should
specify the interface they run on in rc.conf (or other config files).

.. code-block:: shell

  # bastille rdr --help
  Usage: bastille rdr TARGET [clear] | [list] | [tcp <host_port> <jail_port>] | [udp <host_port> <jail_port>]
  # bastille rdr dev1 tcp 2001 22
  # bastille rdr dev1 list
  rdr on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22
  # bastille rdr dev1 udp 2053 53
  # bastille rdr dev1 list
  rdr on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22
  rdr on em0 inet proto udp from any to any port = 2053 -> 10.17.89.1 port 53
  # bastille rdr dev1 clear
  nat cleared

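
The check suggested by the note above, as an added example that is not part of the Bastille documentation: it lists host listeners bound to the wildcard address (and therefore also listening on the jail interface) and summarizes the redirects printed by `bastille rdr TARGET list`. The sample input is constructed, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the Bastille docs. Function names are hypothetical.

# Constructed sample in the column layout of FreeBSD `sockstat -4 -l`.
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       823   4  tcp4   *:22                  *:*
root     syslogd    700   7  udp4   *:514                 *:*
root     sendmail   811   3  tcp4   127.0.0.1:25          *:*
www      nginx      902   6  tcp4   192.0.2.10:443        *:*
EOF
}

# Constructed sample in the format that `bastille rdr TARGET list` prints.
sample_rdr() {
cat <<'EOF'
rdr on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22
rdr on em0 inet proto udp from any to any port = 2053 -> 10.17.89.1 port 53
EOF
}

# stdin: sockstat listing. stdout: "COMMAND PROTO PORT" for each listener
# bound to the wildcard address, i.e. also listening on the jail interface.
wildcard_listeners() {
    awk 'NR > 1 && $6 ~ /^\*:/ { split($6, a, ":"); print $2, $5, a[2] }' |
        LC_ALL=C sort -u
}

# stdin: rdr rules. stdout: "PROTO HOST_PORT JAIL_IP JAIL_PORT" per redirect.
rdr_exposed() {
    awk '$1 == "rdr" && $14 == "->" { print $6, $13, $15, $17 }'
}

echo "Host services bound to all interfaces (pin these in rc.conf):"
sample_sockstat | wildcard_listeners
echo "Host ports redirected into jails:"
sample_rdr | rdr_exposed
```

On a real host, feed the functions live data instead of the samples: `sockstat -4 -l | wildcard_listeners` and `bastille rdr dev1 list | rdr_exposed`.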