From owner-freebsd-questions@freebsd.org Tue Aug 7 20:13:19 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 61D981069F0C for ; Tue, 7 Aug 2018 20:13:19 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: from mail-io0-x235.google.com (mail-io0-x235.google.com [IPv6:2607:f8b0:4001:c06::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E9B7780021 for ; Tue, 7 Aug 2018 20:13:18 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: by mail-io0-x235.google.com with SMTP id v26-v6so15092937iog.5 for ; Tue, 07 Aug 2018 13:13:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-transfer-encoding; bh=GsyDLERpdCeprlMl0/M/BUiLoGf97AEwZg3W+XvpfX8=; b=jVuaOdlmjfHlDI9Ze01p5qRTkhwO9xVZyWyq+FXmgG6O9YDxcYrU+jcEObiMLiTRYs JQULXcwbxJTyPoDmq0ZhF3M3gzRnMzKEMyZOGfFx55OFnBjTKzTrVYFJuiGp/yCgktUl bolv5yBMnidBfASTZ2ZExZtvXFYDjt9r4uHAexbjfEIErgR6xZ3UEJcXJL/Jdey1zc4x jS90FOXKVPujd49FQ+cqT9f3J4oARmZlPdiFQ0Y90zmU8peJzhPJ0Iltgzoq+sh14w8S qjUq0UHeNmVzou0k5ObnEsZbxQ8P/hij4jwvmBaGGSAsiP/xmz35oVW4jiqSsi3iF91i rt+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-transfer-encoding; bh=GsyDLERpdCeprlMl0/M/BUiLoGf97AEwZg3W+XvpfX8=; b=B8ttsgbYstbBYGRNb36vSdF9QRDCmqJBjN1fhMZRPGgkpub+yThXLdoorjkLosO+xa LBnnhCn5ATjPt9OebgIUl9YcgVXP4U3Lb4xXk53wLPtwudchQjgRIhMsIUWffyT76Hgl l0PY/klTGt701vnDu2r4NZOvPjInG+YtoEdfKULt5y+00z31Ocy9n8oFgJ4CtZZ1Y82S brPYp8Ydpfj9hWkBLUen253nLpSl8tAGkuDdoG+tA0gra13mZ4MneByYjDUTmPLuwJit BK5otAAD8fjm5ADZSeg/g7Hd5VkSPei/zJXd3TiDr/BFnjRlVoPJq6bxIqd4Reyu9W99 Jw/A== X-Gm-Message-State: AOUpUlEJ4ftBEtJu4Ec5BQq9kzm/nhsUp14OX9Co+oOs/9zjK2nt2hxx 7aFfDLlrRYa2dPDvyjl3czU= X-Google-Smtp-Source: AA+uWPyFNCi9PQqd2jftg4h8Pq8zIClZU+CI5bS90t9tO4zP/k6GIJvakxS+gyGUahGGD8TQd1sy4g== X-Received: by 2002:a5e:860e:: with SMTP id z14-v6mr1975176ioj.67.1533672798402; Tue, 07 Aug 2018 13:13:18 -0700 (PDT) Received: from [10.0.10.7] (cpe-65-25-48-31.neo.res.rr.com. [65.25.48.31]) by smtp.googlemail.com with ESMTPSA id g198-v6sm6463845itg.4.2018.08.07.13.13.17 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 07 Aug 2018 13:13:17 -0700 (PDT) Message-ID: <5B69FD5D.5090500@gmail.com> Date: Tue, 07 Aug 2018 16:13:17 -0400 From: Ernie Luzar User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: Philipp Vlassakakis CC: shamim.shahriar@gmail.com, FreeBSD Mailing List Subject: Re: Jails - IPv4 and IPv6 References: <5B6895CB.1070004@gmail.com> <8ACAABE6-5054-4AFC-81F1-2909F9D69EF8@lists.vlassakakis.de> In-Reply-To: <8ACAABE6-5054-4AFC-81F1-2909F9D69EF8@lists.vlassakakis.de> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Aug 2018 20:13:19 -0000 Philipp Vlassakakis wrote: >> Am 06.08.2018 um 20:21 schrieb Shamim Shahriar : > >> Hi Philipp >> >> I'm using both IPv4 and IPv6 in my vNet jails. The IPv4 gets configured via the jail.conf, while v6 is via rc.conf from inside the jail, two lines to define v6 on epair and the gw as well. If you need, u can send you the configurations later. >> >> They are quite stable, the pf on the hosts controls the access, works as expected. >> >> Regards >> > > > I would like to configure the IP addresses outside the jails, because customers may access these jails and I don't want customers to be able to simply change the IP addresses which might lead to the Jail being unreachable from the „outside“. There are many different ways to configure non-vnet jails to use IPV6 addresses. The whole purposes of jails is to contain any user of that jail to the jail. Defining ip address in the rc.conf of the jail is not the way to do it. For jail security jail.conf is where IPV6 & IPV4 addresses are assigned to the jail. As long as you don't give jail users access to the host where the jail is run on, jail users will not be able to change the jail's IP addresses and have it work.