From owner-freebsd-questions@freebsd.org Thu Jun 6 16:47:33 2019 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8AA6615B9334 for ; Thu, 6 Jun 2019 16:47:33 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1D02975276 for ; Thu, 6 Jun 2019 16:47:33 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [IPv6:2001:8b0:151:1:c4ea:bd49:619b:6cb3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "Let's Encrypt Authority X3" (verified OK)) (Authenticated sender: matthew/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id C2941D83B for ; Thu, 6 Jun 2019 16:47:32 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from leaf.local (unknown [88.212.184.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: m.seaman@infracaninophile.co.uk) by smtp.infracaninophile.co.uk (Postfix) with ESMTPSA id 96FB875E for ; Thu, 6 Jun 2019 16:47:31 +0000 (UTC) Authentication-Results: smtp.infracaninophile.co.uk/96FB875E; dkim=none; dkim-atps=neutral Subject: Re: to jail or not to jail To: freebsd-questions@freebsd.org References: <20190603101917.GA76784@home.lan> From: Matthew Seaman Message-ID: Date: Thu, 6 Jun 2019 17:47:30 +0100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.7.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-GB Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 1D02975276 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.98 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.98)[-0.979,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Jun 2019 16:47:33 -0000 On 06/06/2019 05:41, David Mehler wrote: > 1. how do I divide the /64 ipv6 address so that each jail can have an > ipv6 address as well as an ipv4 address. Just assign IPv6 addresses in much the same way as you'ld assign IPv4 addresses. The syntax in /etc/rc.conf or /etc/jail.conf is very similar to the IPv4 case, and pretty clearly explained in the man pages. For traditional jails, you will need to assign addresses manually, but for vimage jails you should be able to use SLAAC. The hard part about assigning IPv6 addresses is that you have so many to choose from. There are many different schemes for IPv6 address assignment out there, but the one I like is just 'choose an address at random out of the /64 range.' I wrote a small perl script to do just that many moons ago: http://www.infracaninophile.co.uk/articles/hotchpotch/#rand-aaaa.pl Cheers, Matthew