From: FLEURIOT Damien
To: John Hay
Cc: freebsd-stable@freebsd.org
Date: Tue, 1 Sep 2009 23:29:40 +0200
Subject: Re: Not getting an IPv6 in a jail

On Tue, Sep 01, 2009 at 10:13:45PM +0200 or thereabouts, John Hay wrote:
> On Tue, Sep 01, 2009 at 09:30:15PM +0200, Major Domo wrote:
> > Hello list,
> >
> >
> > Apologies if this has been discussed already but I searched the web
> > and the mailing lists and haven't found hints on my problem.
> >
> > I've got a jail, I assign it a set of IP addresses, and it just won't
> > take the IP6 I give it.
> >
> >
> > Uname:
> > FreeBSD 7.2-STABLE
> >
> >
> > Sysctl jail MIBs:
> > security.jail.jail_max_af_ips: 255
> > security.jail.mount_allowed: 0
> > security.jail.chflags_allowed: 0
> > security.jail.allow_raw_sockets: 1
> > security.jail.enforce_statfs: 2
> > security.jail.sysvipc_allowed: 0
> > security.jail.socket_unixiproute_only: 1
> > security.jail.set_hostname_allowed: 0
> >
> >
> > /etc/rc.conf settings:
> > jail_enable="YES"
> > jail_set_hostname_allow="NO"
> > jail_list="ns"
> > jail_ns_interface="lo252"
> > jail_ns_hostname="[snip]"
> > jail_ns_ip="192.168.0.252,fe80::c0a8:fc"
> > jail_ns_rootdir="/var/jail/ns"
> > jail_ns_devfs_enable="YES"
> >
> >
> > jls -v:
> >    JID  Hostname                      Path
> >         Name                          State
> >         CPUSetID
> >         IP Address(es)
> >     23  [snip]                        /var/jail/ns
> >                                       ALIVE
> >         2
> >         192.168.0.252
> >         fe80::c0a8:fc
> >
> >
> > ifconfig lo252 from the host:
> > lo252: flags=8049 metric 0 mtu 16384
> >         inet 192.168.0.252 netmask 0xffffffff
> >         inet6 fe80::c0a8:fc%lo252 prefixlen 128 scopeid 0x5
> >
> >
> > ifconfig from the jail:
> > re0: flags=8843 metric 0 mtu 1500
> >         options=389b
> >         ether 00:e0:f4:19:e9:d2
> >         media: Ethernet autoselect (100baseTX )
> >         status: active
> > lo0: flags=8049 metric 0 mtu 16384
> > pflog0: flags=141 metric 0 mtu 33204
> > lo252: flags=8049 metric 0 mtu 16384
> >         inet 192.168.0.252 netmask 0xffffffff
> >
> >
> > ping6 from the host:
> > PING6(56=40+8+8 bytes) fe80::c0a8:fc%lo252 --> fe80::c0a8:fc%lo252
> > 16 bytes from fe80::c0a8:fc%lo252, icmp_seq=0 hlim=64 time=0.082 ms
> >
> >
> > I fail to see what could be going wrong :(
> >
> > Any pointers please ?
>
> I have not used jails with link-local addresses, only global addresses
> and that works. It looks like you did not specify the whole link-local
> address in the jail_*_ip line. You need to add the %interface for a
> proper ipv6 link-local address, eg. fe80::c0a8:fc%lo252. Not everything
> works with link-local addresses though and jail might be one of them.
>
> John
> --
> John Hay -- jhay@meraka.csir.co.za / jhay@FreeBSD.org

Thanks for the hint John, I just tried by appending the interface %
and it still won't work any better:

rc.conf:
jail_ns_ip="192.168.0.252,fe80::c0a8:fc%lo252"

jls -v output doesn't change.
ifconfig output within the jail doesn't change.
ifconfig output on the host's lo252 doesn't change.

I'm afraid I don't have spare IP6s to assign to my public interface so
I can't test much more.

--
Damien Fleuriot
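
Added example (not part of either message, and not FreeBSD code): a
Python check that reads jail_<name>_ip lines in the rc.conf style quoted
above and reports, for each address, its family, whether it is link-local
(fe80::/10), and whether a %interface zone is attached, which is the
detail John's hint turns on. The sample text is constructed from the two
jail_ns_ip values in the thread plus a hypothetical jail "web" on the
2001:db8::/32 documentation prefix; the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample: both jail_ns_ip values from the thread, plus a
# hypothetical jail "web" on the 2001:db8::/32 documentation prefix.
SAMPLE_RC_CONF = '''\
jail_list="ns web"
jail_ns_interface="lo252"
jail_ns_ip="192.168.0.252,fe80::c0a8:fc"
jail_ns_ip="192.168.0.252,fe80::c0a8:fc%lo252"
jail_web_ip="2001:db8::10,not-an-address"
'''

# Matches jail_<name>_ip="..." but not jail_<name>_interface or jail_list.
JAIL_IP_RE = re.compile(r'^jail_(\w+)_ip="([^"]*)"', re.MULTILINE)


def classify(addr):
    """Return (family, scope, zone) for one entry of a jail_*_ip list."""
    host, _, zone = addr.partition("%")  # zone is the %interface suffix
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return ("invalid", None, None)
    if ip.version == 4:
        return ("inet", None, None)
    scope = "link-local" if ip.is_link_local else "non-link-local"
    return ("inet6", scope, zone or None)


def audit_jail_ips(rc_conf_text):
    """Yield (jail, address, family, scope, zone) for every configured address."""
    for jail, value in JAIL_IP_RE.findall(rc_conf_text):
        for addr in filter(None, (a.strip() for a in value.split(","))):
            yield (jail, addr) + classify(addr)


def unscoped_link_local(rc_conf_text):
    """Link-local IPv6 entries written without a %interface zone."""
    return [(jail, addr) for jail, addr, fam, scope, zone
            in audit_jail_ips(rc_conf_text)
            if scope == "link-local" and zone is None]


if __name__ == "__main__":
    for row in audit_jail_ips(SAMPLE_RC_CONF):
        print(*row, sep="\t")
    print("unscoped link-local:", unscoped_link_local(SAMPLE_RC_CONF))
```

As Damien reports above, adding the zone did not change the jail's
behaviour on 7.2-STABLE, so this report identifies link-local entries
rather than confirming that they will work inside a jail.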