From owner-freebsd-questions@freebsd.org Mon Jun 3 13:32:40 2019 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 015A315B13B3 for ; Mon, 3 Jun 2019 13:32:40 +0000 (UTC) (envelope-from dave.mehler@gmail.com) Received: from mail-wr1-x436.google.com (mail-wr1-x436.google.com [IPv6:2a00:1450:4864:20::436]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0F92280A02 for ; Mon, 3 Jun 2019 13:32:39 +0000 (UTC) (envelope-from dave.mehler@gmail.com) Received: by mail-wr1-x436.google.com with SMTP id e16so3844788wrn.1 for ; Mon, 03 Jun 2019 06:32:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=HjvHmXfB05SHy/oijhz6W0ecvYiJgIZYtlwjZAZB0zE=; b=JTAogcTjUkw54K/DmJORi6fR6okR6w6YjiN9+huJBMaRdgKRha6HYg1tt+TenpgfQe Exj8PC5M6kKymkfeyq+8eym9lTfTWgoUigoSw9m5AFxn50xdOM37L+mOyUtu1eeu9V6O hR+Ss5lD+QBxvyvLlaTxJvlwmuKYtu35niX0evk8PbixWx/W58kTP7bApDcbhbnye8j2 LFOEvW0hyY2urQP9c59uIOIjtvTP/+/4LqSvzpZ1N4razqTTG/ZPOhWdl1My6vuObHCJ I/euweCtVMK4rbzsWwhjpj1jk3AhFyAyT2wWOJY992+IzMmxYdzeoHum1DbDuaJ16OUY KlDA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=HjvHmXfB05SHy/oijhz6W0ecvYiJgIZYtlwjZAZB0zE=; b=E6BM4APKwmZQ3kHXhpuXnbBmkhHdGC7ZXm8Hqik3mlLr7MQeOn5HPePpPUAr7BcyAe fjtoUETQ5S7m+TuTKiA7UvZ6znUavFeGlyNmPh+vfgQ5xopNFdlGfr5FyUiFe+0xhg3v 2tLy04OangbxvKfF9zkEABGpq12V2AZxzYxDKlbFKlp06eRdScEz5D7Xw5lvxdzC3qXM ke55JoJXPNaBcAAazM0SOr7yQgezyPJyAVzgb1CxuLI35hvK3IzzJwM7eTwVUVxu4m1R jm+q8Solhl7MksutL67l2Q6JRukDxsHHQgqMHpQT82VFIjE4v/e2Z0I4jfPt00e3ZdAt de0g== X-Gm-Message-State: APjAAAUfXe22yd6YYOkVxYGVLtC20XsL9H+nkBJiJy71YguUtGI8gcoC ahTLrOvFHcRyqoG6bfLOd2NgRDb/Wx4bvDwbU9NAaGiX X-Google-Smtp-Source: APXvYqyYWPfftzlGQZwN4Re0WYMBV0ntRvNdh0cgs5khLpij049twpNN1VwuKHBwEMnlRFWJahkjQWm66TPxLYcUcAE= X-Received: by 2002:a5d:5542:: with SMTP id g2mr2565819wrw.232.1559568757768; Mon, 03 Jun 2019 06:32:37 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:adf:a709:0:0:0:0:0 with HTTP; Mon, 3 Jun 2019 06:32:36 -0700 (PDT) From: David Mehler Date: Mon, 3 Jun 2019 09:32:36 -0400 Message-ID: Subject: freebsd, multiple jails, each ipv6 addressable and with pf To: freebsd-questions Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 0F92280A02 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=JTAogcTj; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of davemehler@gmail.com designates 2a00:1450:4864:20::436 as permitted sender) smtp.mailfrom=davemehler@gmail.com X-Spamd-Result: default: False [-6.75 / 15.00]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; RCVD_COUNT_THREE(0.00)[3]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; NEURAL_HAM_SHORT(-0.96)[-0.959,0]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; TAGGED_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(-2.79)[ip: (-9.39), ipnet: 2a00:1450::/32(-2.20), asn: 15169(-2.28), country: US(-0.06)]; RCVD_IN_DNSWL_NONE(0.00)[6.3.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org : 127.0.5.0] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Jun 2019 13:32:40 -0000 Hello, I've got a Freebsd 12.0 system that has a single public ipv4 and a single? (I think) ipv6 address also public. Right now I've got a cloned interface and a pf nat setup so that any jailed hosts on that interface will get out to the internet and internet traffic can get to them. Currently just a web server is up and I've only atempted to get to it via ipv4, which works fine. My questions, are my pf is not doing anything with ipv6 packets at the moment so does that mean what I'm thinking that the block all rule explicitly blocks them? Second, also on pf I want to have a rule pair, for each ipv4 rule that allows access i'd like to have an ipv6 rule that also allows access. Also, how do I assign an ipv6 address to this host? The realm of ipv6 is quite new to me. Thanks. Dave.