Date: Tue, 5 Jan 2021 12:04:40 +0100
From: Jacques Foucry <jacques+freebsd@foucry.net>
To: freebsd-jail@freebsd.org
Subject: Need help with VNET, Jail and IPv6
Message-ID: <X/RHyJhoGIwN7rkF@mithril>

Hello all,

On my hosted machine I already have many "classical" jails. But I would like to switch to the modern scheme with Bridge and vnet.

With IPv4 I have no problem. In fact it is almost like without Bridge/VNET:

ifconfig em0bridge
em0bridge: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:36:b3:c1:8a:00
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 20000
        groups: bridge
        nd6 options=9<PERFORMNUD,IFDISABLED>

nyjail{
    host.hostname="mywebite.fr";
    path="/jails/mywebsite";
    allow.mount=true;
    allow.raw_sockets;
    vnet;
    vnet.interface = "e0b_${name}";
    exec.prestart += "jib addm ${name} em0";
    exec.poststop += "jib destroy ${name}";
    exec.start = "/sbin/ifconfig e0b_${name} 10.1.1.28/24";
    exec.start += "/sbin/route add default 10.1.1.254";
    exec.poststart += "/sbin/ifconfig e0a_${name} 10.1.1.254/24";
    exec.poststop += "/sbin/ifconfig e0b_${name} -vnet ${name}";
    exec.poststop += "/sbin/ifconfig deletem e0b_${name}";
    exec.poststop += "sleep 2";
    exec.poststop += "/sbin/ifconfig e0b_${name} destroy";
    persist=true;
    mount.fstab="/etc/fstab.${name}";
}

With pf I could connect through ssh to my jail:

jails_net = "{192.168.12.0/24 10.1.1.0/24}"
nat on $ext_if from $jails_net to any -> ($ext_if)
myjail_v4="10.1.1.28"
myjail_v6="2a01:4f9:4a:1fd8::28"
myjail_ports = 2228
rdr on $ext_if inet proto tcp from any to $ext_if port $myjail_ports -> $myjail_v4
rdr on $ext_if inet6 proto tcp from any to $ext_if port $myjail_ports -> $myjail_v6
pass in log quick on $ext_if proto tcp from any to $myjail_v4 port
pass in log quick on $ext_if proto tcp from any to $myjail_v6 port

The old-fashioned jail uses em0_alias for IPv6:

em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=81009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER>
        ether b4:2e:99:6a:80:9d
        inet6 2a01:4f9:4a:1fd8::2 prefixlen 64
        inet6 fe80::b62e:99ff:fe6a:809d%em0 prefixlen 64 scopeid 0x1
        inet6 2a01:4f9:4a:1fd8::5 prefixlen 64
        inet6 2a01:4f9:4a:1fd8::16 prefixlen 64
        inet6 2a01:4f9:4a:1fd8::14 prefixlen 64
        inet6 2a01:4f9:4a:1fd8::15 prefixlen 64
        inet6 2a01:4f9:4a:1fd8::21 prefixlen 64
        inet6 2a01:4f9:4a:1fd8::25 prefixlen 64
        inet6 2a01:4f9:4a:1fd8::29 prefixlen 64
        inet6 2a01:4f9:4a:1fd8::17 prefixlen 64
        inet6 2a01:4f9:4a:1fd8::11 prefixlen 64
        inet6 2a01:4f9:4a:1fd8::12 prefixlen 64
        inet6 2a01:4f9:4a:1fd8::18 prefixlen 64
        inet6 2a01:4f9:4a:1fd8::22 prefixlen 64
        inet6 2a01:4f9:4a:1fd8::19 prefixlen 64
        inet6 2a01:4f9:4a:1fd8::28 prefixlen 64
        inet 95.217.83.231 netmask 0xffffffc0 broadcast 95.217.83.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

My goal is first to have one jail (myjail) working with IPv4 and IPv6, then slowly migrate the old jails to the new way.

So, I need help to configure myjail to have IPv6 working:

- configuring an IPv6 on e0b_myjail is easy, but which defaultrouter6 do I use?
- does the bridge have an IPv6 to be the defaultrouter6? I tried with no luck.
- do I need some configuration on PF?

Thanks for reading (I'm sure I'm not really clear) and for your advice.

Btw, after I successfully configure myjail (and the other ones) I will write a how-to.

-- 
Jacques Foucry