Date: Wed, 2 Sep 2009 18:04:42 +0200
From: FLEURIOT Damien <ml-SPAM@my.gd>
To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Cc: freebsd-jail@FreeBSD.org, freebsd-stable@freebsd.org
Subject: Re: Not getting an IPv6 in a jail
Message-ID: <20090902160440.GA28417@sd-13813.dedibox.fr>
In-Reply-To: <20090901200313.J68375@maildrop.int.zabbadoz.net>
References: <ff6efe7e0909011230i414b6791k707f5c58383e9b53@mail.gmail.com> <20090901200313.J68375@maildrop.int.zabbadoz.net>

On Tue, Sep 01, 2009 at 08:15:24PM +0000 or thereabouts, Bjoern A. Zeeb wrote:
> On Tue, 1 Sep 2009, Major Domo wrote:
>
> Hi,
>
> >Apologies if this has been discussed already but I searched the web
> >and the mailing lists and haven't found hints on my problem.
> >
> >I've got a jail, I assign it a set of IP addresses, and it just won't
> >take the IP6 I give it.
> >
> >
> >Uname:
> >FreeBSD 7.2-STABLE
> >
> >jail_ns_ip="192.168.0.252,fe80::c0a8:fc"
> >
> >jls -v:
> >   JID  Hostname                      Path
> >        Name                          State
> >        CPUSetID
> >        IP Address(es)
> >    23  [snip]                        /var/jail/ns
> >                                      ALIVE
> >        2
> >        192.168.0.252
> >        fe80::c0a8:fc
> >
> >
> >ifconfig lo252 from the host:
> >lo252: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> >        inet 192.168.0.252 netmask 0xffffffff
> >        inet6 fe80::c0a8:fc%lo252 prefixlen 128 scopeid 0x5
> >
> >
> >ifconfig from the jail:
> >re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> >        options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
> >        ether 00:e0:f4:19:e9:d2
> >        media: Ethernet autoselect (100baseTX <full-duplex>)
> >        status: active
> >lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> >pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33204
> >lo252: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> >        inet 192.168.0.252 netmask 0xffffffff
>
>
> This is a rather special case. For link-local addresses you have to
> give the scope as well but it won't take the scope with the %lo252
> notation but only in the KAME in-kernel syntax I would assume.
> Can you try:
>
> jail_ns_ip="192.168.0.252,fe80:5::c0a8:fc"
>
> Note the added 5 in the second group of hex digits. That five is the
> interface index. I took it from the "scopeid 0x5". In case your
> interface index changes you will need to adjust the address.
>
> I cannot say if it'll work but it would be worth a try.
>
> /bz
>
> --
> Bjoern A. Zeeb         What was I talking about and who are you again?

Hi list, Bjoern, John,

I confirm it is now working with the following line in /etc/rc.conf:

jail_ns_ip="192.168.0.252,fec0:5::df:252"

along with redirections in /etc/pf.conf:

rdr pass log on $ext_if inet proto {tcp,udp} to $ext_if port 53 -> $lo252_if port 53
rdr pass log on $ext_if inet6 proto {tcp,udp} to $ext_if port 53 -> $lo252_if port 53

Notice the use of both the interface's index and a site-local ip6
address instead of the old fe80 as suggested.

BIND's now happily running in its jail and responding to public
queries.

Perhaps a small addition to the jails entry in the Handbook to advise
people about the use of IP6 addresses on loopback interfaces would be
warranted ?

I realize how lousy it is to NAT IP6 but my host assigns only 1 IP6
address per server.

Thanks for the help !

Regards

--
Damien
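
The address rewrite suggested in the quoted reply (interface index from "scopeid" placed in the second group of hex digits), as an added example that is not part of the original message or of FreeBSD. The function names are hypothetical, and the sample ifconfig text is the host-side output quoted in the thread.

```python
import ipaddress

# Constructed sample: the host-side `ifconfig lo252` output quoted in the thread.
SAMPLE_IFCONFIG = (
    "lo252: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384\n"
    "\tinet 192.168.0.252 netmask 0xffffffff\n"
    "\tinet6 fe80::c0a8:fc%lo252 prefixlen 128 scopeid 0x5\n"
)


def embed_scope(addr, index):
    """Put the interface index into the second 16-bit group of a link-local address."""
    if not addr.is_link_local:
        raise ValueError(f"{addr} is not link-local")
    if not 0 < index <= 0xFFFF:
        raise ValueError(f"interface index {index} does not fit in 16 bits")
    value = int(addr)
    if (value >> 96) & 0xFFFF:
        raise ValueError(f"{addr} already carries a value in its second group")
    return str(ipaddress.IPv6Address(value | (index << 96)))


def link_local_with_index(ifconfig_text):
    """Return each link-local inet6 address in ifconfig output, index embedded."""
    found = []
    for line in ifconfig_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "inet6":
            continue
        addr = ipaddress.IPv6Address(fields[1].split("%")[0])  # drop "%lo252"
        if not addr.is_link_local:
            continue
        if "scopeid" not in fields:
            raise ValueError(f"no scopeid reported for {addr}")
        index = int(fields[fields.index("scopeid") + 1], 16)  # "0x5" -> 5
        found.append(embed_scope(addr, index))
    return found


def jail_ip_setting(name, ipv4, ifconfig_text):
    """Build the rc.conf jail_<name>_ip value from the current ifconfig output."""
    addrs = [ipv4] + link_local_with_index(ifconfig_text)
    return f'jail_{name}_ip="{",".join(addrs)}"'


if __name__ == "__main__":
    print(jail_ip_setting("ns", "192.168.0.252", SAMPLE_IFCONFIG))
```

Because the index is read from the live "scopeid" value, rerunning this after an interface index change produces the adjusted address the reply says would be needed.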