From owner-freebsd-net@freebsd.org Thu Mar 19 07:01:11 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A52DF27D3A9; Thu, 19 Mar 2020 07:01:11 +0000 (UTC) (envelope-from vas@sibptus.ru) Received: from admin.sibptus.ru (admin.sibptus.ru [IPv6:2001:19f0:5001:21dc::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48jd9L19XCz3yCk; Thu, 19 Mar 2020 07:01:09 +0000 (UTC) (envelope-from vas@sibptus.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sibptus.ru; s=20181118; h=In-Reply-To:Message-ID:Subject:To:From:Date; bh=SrrWQ/adiIMbShlh5jcsTiA/DPdG9GQeWNdp3olMuOc=; b=Z8CkS4fEqIDPmD3Mcd+nFYVthz jPFWAvqAWMxKatYpXrk9ObkvnTV2ZW5dZ4h8stHtawYE5J+uRzPGAYTnz8DfGKToeOM2NCu28adVW 7i1mch9AWClAuWXi9aPDMpKyziYYuuduF+vtiGm+SDRxk7wDg9pWdqL8fx4NenRcvnUQ=; Received: from vas by admin.sibptus.ru with local (Exim 4.93.0.4 (FreeBSD)) (envelope-from ) id 1jEpAx-000MRZ-Nr; Thu, 19 Mar 2020 14:01:07 +0700 Date: Thu, 19 Mar 2020 14:01:07 +0700 From: Victor Sudakov To: Jacques Foucry Cc: freebsd-questions@freebsd.org, freebsd-net@freebsd.org Subject: Re: IPv6 in jails Message-ID: <20200319070107.GA86122@admin.sibptus.ru> References: <20200318151556.GA64871@admin.sibptus.ru> <20200318164836.GO25617@foucry.net> <20200319022224.GB80800@admin.sibptus.ru> <20200319065514.GQ25617@foucry.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="zhXaljGHf11kAtnf" Content-Disposition: inline In-Reply-To: <20200319065514.GQ25617@foucry.net> X-PGP-Key: http://admin.sibptus.ru/~vas/ X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 X-Rspamd-Queue-Id: 48jd9L19XCz3yCk X-Spamd-Bar: -------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=sibptus.ru header.s=20181118 header.b=Z8CkS4fE; dmarc=pass (policy=none) header.from=sibptus.ru; spf=pass (mx1.freebsd.org: domain of vas@sibptus.ru designates 2001:19f0:5001:21dc::10 as permitted sender) smtp.mailfrom=vas@sibptus.ru X-Spamd-Result: default: False [-8.43 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.97)[-0.974,0]; R_DKIM_ALLOW(-0.20)[sibptus.ru:s=20181118]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TAGGED_RCPT(0.00)[freebsd]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[sibptus.ru:+]; DMARC_POLICY_ALLOW(-0.50)[sibptus.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:20473, ipnet:2001:19f0:5000::/38, country:US]; RCVD_COUNT_TWO(0.00)[2]; IP_SCORE(-3.36)[ip: (-9.89), ipnet: 2001:19f0:5000::/38(-4.94), asn: 20473(-1.92), country: US(-0.05)] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2020 07:01:11 -0000 --zhXaljGHf11kAtnf Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Jacques Foucry wrote: > > >=20 > > > >=20 > > > > Is IPv6 in jails supposed to work? Does not work for me, what am I = doing > > > > wrong? > > >=20 > > > Suppose to work, and work for me. > > > >=20 > > > > Here is a test jail: > > > >=20 > > > > test4 {=20 > > > > path =3D /d02/jails/test4 ; > > > > mount.devfs; > > > > ip4 =3D new; > > > > ip6 =3D new; > > > > ip4.addr =3D 192.168.4.204/24; > > > > ip6.addr =3D 2001:470:ecba:3::4/64; > > > > host.hostname =3D test4.vas.sibptus.ru ; > > > > interface =3D re1 ; > > > > allow.raw_sockets =3D true ; > > > > exec.start =3D "/bin/sh /etc/rc"; > > > > exec.stop =3D "/bin/sh /etc/rc.shutdown"; > > > > } > > >=20 > > >=20 > > > Well there is a difference between your config and mine: > > >=20 > > > ip6.addr=3D"em0|2a01:4f9:4a:1fd8::16/64"; > > >=20 > > > In my config there is the interface to use (em0 in my case, re1 shoul= d be in > > > yours) > >=20 > > I have a more generic "interface =3D re1" statement, but replacing it w= ith > > ip6.addr =3D "re1|2001:470:ecba:3::4" did not produce any effect on the > > jailed daemons. > >=20 > > Of course the IPv6 address is present on re1 in both cases (my > > syntax and your syntax). When the jail is stopped, the address goes > > away. >=20 > Did you try to declare the IPv6 as an alias in=20 > /etc/rc.conf file? >=20 > # Jail Mail > ifconfig_em0_alias4=3D"inet6 2a01:4f9:4a:1fd8::17 prefixlen 64" No, I'd prefer for these addresses to be handled by the jail infrastructure. That is, I want an address to appear when the corresponding jail goes up, and to disapper when the jail is shut down. >=20 > Restarting the network stack will make ip persistent and I hope usable by= your > jail. >=20 I don't want it persistent. If a jail is shut down but its address persists, it can have undesirable consequences of it suddenly pointing at the host system. --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --zhXaljGHf11kAtnf Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJecxizAAoJEA2k8lmbXsY00xgH+gNZEBMynxv8LI+YTCqkzMbL 2tWPkoQyVrEnwBTKk6M51m0L8V/ZWhwOIGuNclZwpupFVaUZyeqzGm5y/1ib6ok5 dxNnGINsATz/ilule82e6TDzIFY04wDqo6b0ZfTpWiYLH0ixBF8hKWZzELt0eNuc 2WQYsHb8SgG3GJ4ro4jeXhK+rUxZXkn7VHl80BU0zqjdXWZuyM8Co9bKfXv8Dcj7 ah5na3//wS3uJfXs/3jU6qD77LUv2iMjZNi1C3vcxnoEuSvAnoxxwXGa88f9WsxJ 8mepSNdSQJMuXk0apQjs77c0iK7d96UQHfuIRABGPn1UYF1BAVkSW9B2hdyoEWc= =xZqU -----END PGP SIGNATURE----- --zhXaljGHf11kAtnf--