From owner-freebsd-net@freebsd.org Sat Mar 21 12:52:44 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E13902620D8 for ; Sat, 21 Mar 2020 12:52:44 +0000 (UTC) (envelope-from jbe-mlist@magnetkern.de) Received: from sapphire.magnetkern.de (sapphire.magnetkern.de [185.228.139.199]) by mx1.freebsd.org (Postfix) with ESMTP id 48l0t40FRbz3MDC for ; Sat, 21 Mar 2020 12:52:43 +0000 (UTC) (envelope-from jbe-mlist@magnetkern.de) Received: from titanium (p5DD45C70.dip0.t-ipconnect.de [93.212.92.112]) by sapphire.magnetkern.de (Postfix) with ESMTPSA id 8E204240; Sat, 21 Mar 2020 12:52:37 +0000 (UTC) Date: Sat, 21 Mar 2020 13:52:37 +0100 From: Jan Behrens To: Victor Sudakov Cc: freebsd-net@freebsd.org, "Bjoern A. Zeeb" Subject: Re: IPv6 in jails Message-Id: <20200321135237.12c09875dc0d695bdc99349d@magnetkern.de> In-Reply-To: <20200321043502.GA51499@admin.sibptus.ru> References: <20200318151556.GA64871@admin.sibptus.ru> <2dd539ed-0ee3-079b-27b2-28126056c69a@quip.cz> <20200318155046.GD65497@admin.sibptus.ru> <4CA69535-0F6C-40FC-83CF-5000FD728C2D@lists.zabbadoz.net> <20200319184502.02545d3a849fd60fe63a717f@magnetkern.de> <20200321043502.GA51499@admin.sibptus.ru> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.32; amd64-portbld-freebsd12.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 48l0t40FRbz3MDC X-Spamd-Bar: ++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of jbe-mlist@magnetkern.de designates 185.228.139.199 as permitted sender) smtp.mailfrom=jbe-mlist@magnetkern.de X-Spamd-Result: default: False [2.74 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; URIBL_BLOCKED(0.00)[tomsk.ru.multi.uribl.com]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+mx]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[magnetkern.de]; TO_DN_SOME(0.00)[]; NEURAL_SPAM_MEDIUM(0.95)[0.951,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_SPAM_LONG(0.96)[0.962,0]; IP_SCORE(0.53)[ipnet: 185.228.136.0/22(3.25), asn: 197540(-0.61), country: DE(-0.02)]; RCVD_NO_TLS_LAST(0.10)[]; RECEIVED_SPAMHAUS_PBL(0.00)[112.92.212.93.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.10]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:197540, ipnet:185.228.136.0/22, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; FROM_EQ_ENVFROM(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Mar 2020 12:52:45 -0000 On Sat, 21 Mar 2020 11:35:02 +0700 Victor Sudakov wrote: > Jan Behrens wrote: > > > > > Can you then do a jexec test4 and run service sshd restart and see if it > > > starts working? > > > > I experienced the same problem as discussed in this thread when I set > > up IPv6 with my server. Strangely, when I rebooted the host system and > > simply started the jails one after the other (with a freshly booted > > host system), the problem didn't occur, but maybe that was just random. > > > > A "service sshd restart" inside the jail always seemed to help, which > > is why I also assumed there was some sort of race condition. But maybe > > it is related to some addresses being in use yet when restarting a jail? > > Does this happen only with IPv6 jail addresses? Yes, I did not notice any problem with the IPv4 addresses. When I do "jexec -l csh -l" and then enter "netstat -an", I see that sometimes sshd does not listen on the configured IPv6 address but on the configured IPv4 address. Whenever this happens, I can solve it with "service sshd restart" inside the jail. It also does not seem to happen when I reboot the host system and start the jails for the first time. In that case, sshd listens on both IPv4 and IPv6 (at least when I last tried, I'm not sure if this always works). > -- > Victor Sudakov, VAS4-RIPE, VAS47-RIPN > 2:5005/49@fidonet http://vas.tomsk.ru/ -- Jan