Date:      Wed, 18 Mar 2020 16:51:32 +0000
From:      "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To:        "Victor Sudakov" <vas@sibptus.ru>
Cc:        "Miroslav Lachman" <000.fbsd@quip.cz>, freebsd-net@freebsd.org, freebsd-questions@freebsd.org
Subject:   Re: IPv6 in jails
Message-ID:  <4CA69535-0F6C-40FC-83CF-5000FD728C2D@lists.zabbadoz.net>
In-Reply-To: <20200318155046.GD65497@admin.sibptus.ru>
References:  <20200318151556.GA64871@admin.sibptus.ru> <2dd539ed-0ee3-079b-27b2-28126056c69a@quip.cz> <20200318155046.GD65497@admin.sibptus.ru>

On 18 Mar 2020, at 15:50, Victor Sudakov wrote:

>> If sshd in the host is configured to listen on all available interfaces and
>> addresses (the default) then it will catch your jail's IP too.
>
> Why is it not catching the 192.168.4.204 address then?
>
>> You must configure sshd in the host to listen only on the host's IP and then you
>> will connect to the jail's sshd.
>
> OK, I've stopped the sshd on the host entirely, and restarted the jails.
> Why am I still not seeing the jailed sshd listening on tcp6?

Can you check the logfile inside the jail and see if it complains?

Can you then do a jexec test4 and run service sshd restart and see if it 
starts working? If it does, can you add a

	exec.start += "sleep  2 ";

to your config and see if your problem goes away? If it does, the 
reason is that you configure an IPv6 address to an interface and DAD has 
not yet completed by the time sshd or other daemons start. Giving it 
the 2 seconds avoids this problem and the address is usable at that 
time.


> Your theory is probably incorrect.

The theory is incorrect. The jail will always take precedence (at 
least since the multi-IP jail patches in 2008).


/bz
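
Added example, not part of the original message or of FreeBSD: a polling alternative to the fixed sleep, which waits until no inet6 address is still marked tentative (DAD finished) and fails fast if DAD flagged a duplicate. It assumes FreeBSD ifconfig output, where such addresses carry the word `tentative` or `duplicated`; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): wait for IPv6 DAD to finish
# before starting daemons, rather than sleeping a fixed time.

# Print inet6 addresses whose ifconfig line carries the flag word in $1.
inet6_with_flag() {
    awk -v flag="$1" '$1 == "inet6" {
        for (i = 3; i <= NF; i++) if ($i == flag) { print $2; break }
    }'
}

# wait_for_dad TIMEOUT [CMD...]: poll CMD (default: ifconfig) once a second.
# Returns 0 when no address is tentative, 1 on timeout, 2 if DAD found a duplicate.
wait_for_dad() {
    timeout=$1; shift
    [ $# -gt 0 ] || set -- ifconfig
    elapsed=0
    while :; do
        state=$("$@" 2>/dev/null)
        dup=$(printf '%s\n' "$state" | inet6_with_flag duplicated)
        [ -n "$dup" ] && { echo "DAD failed, duplicate: $dup" >&2; return 2; }
        pending=$(printf '%s\n' "$state" | inet6_with_flag tentative)
        [ -z "$pending" ] && return 0
        [ "$elapsed" -ge "$timeout" ] && { echo "DAD pending: $pending" >&2; return 1; }
        sleep 1
        elapsed=$((elapsed + 1))
    done
}

# Constructed sample output (not captured from a real system).
sample_tentative() {
    cat <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.168.4.204 netmask 0xffffffff broadcast 192.168.4.204
    inet6 2001:db8::204 prefixlen 128 tentative
EOF
}
sample_ready() { sample_tentative | sed 's/ tentative$//'; }
sample_duplicate() { sample_tentative | sed 's/tentative$/duplicated/'; }

# Demo on the constructed data; timeout 0 so nothing sleeps.
wait_for_dad 0 sample_ready && echo "ready: safe to start sshd"
wait_for_dad 0 sample_tentative || echo "not ready yet (exit $?)"
```

Run inside the jail with no command argument, `wait_for_dad 10` polls the real `ifconfig` for up to ten seconds; a return of 2 means waiting longer will not make the address usable.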


