From nobody Sun Jan 7 17:51:06 2024 X-Original-To: freebsd-net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4T7Prv4MXzz55Xqs for ; Sun, 7 Jan 2024 17:51:43 +0000 (UTC) (envelope-from freebsd@walstatt-de.de) Received: from smtp6.goneo.de (smtp6.goneo.de [IPv6:2001:1640:5::8:31]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4T7Prt65TYz4Q6Y for ; Sun, 7 Jan 2024 17:51:42 +0000 (UTC) (envelope-from freebsd@walstatt-de.de) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=walstatt-de.de header.s=DKIM001 header.b="nun/2zXl"; dmarc=none; spf=none (mx1.freebsd.org: domain of freebsd@walstatt-de.de has no SPF policy when checking 2001:1640:5::8:31) smtp.mailfrom=freebsd@walstatt-de.de Received: from hub2.goneo.de (hub2.goneo.de [IPv6:2001:1640:5::8:53]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by smtp6.goneo.de (Postfix) with ESMTPS id 523ED240654 for ; Sun, 7 Jan 2024 18:51:34 +0100 (CET) Received: from hub2.goneo.de (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by hub2.goneo.de (Postfix) with ESMTPS id 2B6352403AA for ; Sun, 7 Jan 2024 18:51:34 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=walstatt-de.de; s=DKIM001; t=1704649894; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Pclf/gBhhivNNlrmoftPuKPjjcKUoUZG2j53Qh/MGTI=; b=nun/2zXlMwEozuqxU9fOOSoUn8k2Dp6NfHaosoEzZ0SlqYoWs8eJVGkeV9V2Y4Hq5jSjVj oYECYbOJzeUVZDy79H802iA/1is0qPFIdMYNPgSu4P6X/BzSnl/0rHfnrif+ottxEacaEY +UZ91+O+uxjlE0JjCoTETZPJMLgU8IETkcGG8nH1RtagIPheoF6uwGcKQBLGOaIbofIJWa sqJMAm51I+s/DDUg72Hmk4NZacJP2tZGz5Dcu/tc/vR/Yc8iIje5NPesBOcT1VxWythV4Y EYTeRLcRI0R0mNOpnlppI/d+pMO4RmBiU3lIiiwsSysm+eRF73q08ttWhavSiQ== Received: from thor.intern.walstatt.dynvpn.de (dynamic-077-011-063-204.77.11.pool.telefonica.de [77.11.63.204]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by hub2.goneo.de (Postfix) with ESMTPSA id 032B0240269 for ; Sun, 7 Jan 2024 18:51:33 +0100 (CET) Date: Sun, 7 Jan 2024 18:51:06 +0100 From: FreeBSD User To: FreeBSD CURRENT Subject: IPFW/IPv6 problem with JAIL: JAIL cannot ping -6 host until host first pings jail (ipv6) Message-ID: <20240107185133.68824d89@thor.intern.walstatt.dynvpn.de> Organization: walstatt-de.de List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-UID: 027eb8 X-Rspamd-UID: 76e3a7 X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.30 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[walstatt-de.de:s=DKIM001]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_ALL(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; HAS_ORG_HEADER(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:25394, ipnet:2001:1640::/32, country:DE]; MISSING_XM_UA(0.00)[]; DMARC_NA(0.00)[walstatt-de.de]; MLMMJ_DEST(0.00)[freebsd-net@freebsd.org]; RCVD_COUNT_THREE(0.00)[3]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; ARC_NA(0.00)[]; R_SPF_NA(0.00)[no SPF record]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[walstatt-de.de:+] X-Rspamd-Queue-Id: 4T7Prt65TYz4Q6Y Hello, I've got a problem with recent CURRENT, running vnet JAILs. FreeBSD 15.0-CURRENT #28 main-n267432-e5b33e6eef7: Sun Jan 7 13:18:15 CET 2024 amd64 Main Host has IPFW configured and is open for services like OpenLDAP on UDP/TCP and ICMP (ipfw is configured via rc.conf in this case, host is listening on both protocol families IPv4 and IPv6). The host itself has openldap-server 2.6 as a service. The host's interface is igb0 with assigned ULA. JAILs (around eight jails) are sharing their vnet interfaces via a bridge with the same physical device as the host (igb0). After a while (the time elapsed is unspecific) the jail is unable to contact the host via IPv6: neither UDP, TCP nor ICMP sent from the JAIL is reaching the host. IPv4 is working like a charme! No problems there. When pinging the Jail from the main host via ping -6, the jail is responding! After the first ping -6, the jail now is able to ping -6 the main host. After a fresh reboot, the problem is not present and occurs after a while and it seems to happen first to very active jails. Kind regards, oh -- O. Hartmann