From: Mars G Miro
To: Mark Andrews, FLEURIOT Damien, "Bjoern A. Zeeb", freebsd-jail@freebsd.org, freebsd-stable@freebsd.org
Date: Thu, 3 Sep 2009 13:13:58 +0800
Subject: Re: Not getting an IPv6 in a jail

On Thu, Sep 3, 2009 at 7:04 AM, Mark Andrews wrote:
>
> In message <20090902160440.GA28417@sd-13813.dedibox.fr>, FLEURIOT Damien writes:
>> On Tue, Sep 01, 2009 at 08:15:24PM +0000 or thereabouts, Bjoern A. Zeeb wrote:
>> > On Tue, 1 Sep 2009, Major Domo wrote:
>> >
>> > Hi,
>> >
>> > >Apologies if this has been discussed already but I searched the web
>> > >and the mailing lists and haven't found hints on my problem.
>> > >
>> > >I've got a jail, I assign it a set of IP addresses, and it just won't
>> > >take the IP6 I give it.
>> > >
>> > >
>> > >Uname:
>> > >FreeBSD 7.2-STABLE
>> > >
>> > >jail_ns_ip="192.168.0.252,fe80::c0a8:fc"
>> > >
>> > >jls -v:
>> > >   JID  Hostname                      Path
>> > >        Name                          State
>> > >        CPUSetID
>> > >        IP Address(es)
>> > >    23  [snip]                        /var/jail/ns
>> > >                                      ALIVE
>> > >        2
>> > >        192.168.0.252
>> > >        fe80::c0a8:fc
>> > >
>> > >
>> > >ifconfig lo252 from the host:
>> > >lo252: flags=8049 metric 0 mtu 16384
>> > >       inet 192.168.0.252 netmask 0xffffffff
>> > >       inet6 fe80::c0a8:fc%lo252 prefixlen 128 scopeid 0x5
>> > >
>> > >
>> > >ifconfig from the jail:
>> > >re0: flags=8843 metric 0 mtu 1500
>> > >       options=389b> UCAST,WOL_MCAST,WOL_MAGIC>
>> > >       ether 00:e0:f4:19:e9:d2
>> > >       media: Ethernet autoselect (100baseTX )
>> > >       status: active
>> > >lo0: flags=8049 metric 0 mtu 16384
>> > >pflog0: flags=141 metric 0 mtu 33204
>> > >lo252: flags=8049 metric 0 mtu 16384
>> > >       inet 192.168.0.252 netmask 0xffffffff
>> >
>> >
>> > This is a rather special case.  For link-local addresses you have to
>> > give the scope as well but it won't take the scope with the %lo252
>> > notation but only in the KAME in-kernel syntax I would assume.
>> > Can you try:
>> >
>> > jail_ns_ip="192.168.0.252,fe80:5::c0a8:fc"
>> >
>> > Note the added 5 in the second group of hex digits.  That five is the
>> > interface index.  I took it from the "scopeid 0x5". In case your
>> > interface index changes you will need to adjust the address.
>> >
>> > I cannot say if it'll work but it would be worth a try.
>> >
>> > /bz
>> >
>> > --
>> > Bjoern A. Zeeb           What was I talking about and who are you again?
>>
>>
>> Hi list, Bjoern, John,
>>
>>
>> I confirm it is now working with the following line in /etc/rc.conf:
>> jail_ns_ip="192.168.0.252,fec0:5::df:252"
>>
>> along with redirections in /etc/pf.conf:
>> rdr pass log on $ext_if inet proto {tcp,udp} to $ext_if port 53 -> $lo252_if port 53
>> rdr pass log on $ext_if inet6 proto {tcp,udp} to $ext_if port 53 -> $lo252_if port 53
>>
>>
>> Notice the use of both the interface's index and a site-local ip6
>> address instead of the old fe80 as suggested.
>>
>> BIND's now happily running in its jail and responding to public
>> queries.
>>
>>
>> Perhaps a small addition to the jails entry in the Handbook to
>> advise people about the use of IP6 addresses on loopback interfaces
>> would be warranted ?
>>
>> I realize how lousy it is to NAT IP6 but my host assigns only 1
>> IP6 address per server.
>
> Then complain.  There is no reason to be miserly with IPv6 addresses.
>

True that. Or just sign up @HE. They can give you up to 4 tunnels w/ a
/64 and a /48 (if you opt) for each of these 4 tunnels! All you hafta
do is give them your contact info and a public IPv4 and it doesn't
hafta be static --- there are tools to update their records..

>> Thanks for the help !
>>
>> Regards
>>
>> --
>> Damien
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
>

-- 
cheers
mars

-----
Marie von Ebner-Eschenbach - "Even a stopped clock is right twice a day." -
http://www.brainyquote.com/quotes/authors/m/marie_von_ebnereschenbac.html
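
The scope embedding suggested in Bjoern's quoted reply (the interface index from "scopeid 0x5" written into the second group of a link-local address), as an added example that is not part of the thread. The function names are hypothetical and only the fe80::/10 link-local case from that reply is handled.

```python
import ipaddress
import re

LINK_LOCAL = ipaddress.ip_network("fe80::/10")

# Matches the inet6 line printed by ifconfig on the host, as quoted in the thread.
IFCONFIG_INET6 = re.compile(
    r"inet6\s+(\S+?)%(\S+)\s+prefixlen\s+\d+\s+scopeid\s+(0x[0-9a-fA-F]+)")


def embed_scope(addr, scope_id):
    """Write scope_id into the second 16-bit group of a link-local address."""
    ip = ipaddress.IPv6Address(addr.split("%", 1)[0])  # drop any %ifname suffix
    if ip not in LINK_LOCAL:
        raise ValueError(f"{ip} is not link-local; no scope to embed")
    if not 0 < scope_id <= 0xFFFF:
        raise ValueError("scope id must fit in one 16-bit group")
    raw = bytearray(ip.packed)
    if raw[2] or raw[3]:
        raise ValueError(f"{ip} already carries a value in the second group")
    raw[2:4] = scope_id.to_bytes(2, "big")
    return str(ipaddress.IPv6Address(bytes(raw)))


def from_ifconfig(line):
    """Return (ifname, embedded address) for one 'inet6 ...%if ... scopeid' line."""
    m = IFCONFIG_INET6.search(line)
    if m is None:
        raise ValueError("no scoped inet6 address on this line")
    addr, ifname, scope = m.groups()
    return ifname, embed_scope(addr, int(scope, 16))


def jail_ip_fix(value, scope_id):
    """Rewrite a jail_*_ip list so unscoped link-local entries carry scope_id."""
    fixed = []
    for item in (part.strip() for part in value.split(",")):
        ip = ipaddress.ip_address(item)
        # IPv4, global IPv6 and already-embedded entries pass through unchanged.
        if ip.version == 6 and ip in LINK_LOCAL and ip.packed[2:4] == b"\x00\x00":
            item = embed_scope(item, scope_id)
        fixed.append(item)
    return ",".join(fixed)


if __name__ == "__main__":
    # Input line and rc.conf value are the ones quoted in the thread.
    print(from_ifconfig("inet6 fe80::c0a8:fc%lo252 prefixlen 128 scopeid 0x5"))
    print(jail_ip_fix("192.168.0.252,fe80::c0a8:fc", 5))
```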