From: Harald Schmalzbauer
To: Olivier Houchard
Cc: freebsd-current@freebsd.org, Marko Zec
Date: Wed, 28 Dec 2005 18:17:05 +0100
Subject: Re: Jails with IP6 addresses?

On Saturday, 13 August 2005 01:54 CEST, Olivier Houchard wrote:
> On Fri, Aug 12, 2005 at 10:19:24PM +0200, Harald Schmalzbauer wrote:
> > Hi Olivier,
> >
> > I have some more things to make clear with IPv6 so I'm quite sure I'll
> > need more than a week to make the new systems productive.
> > I'd love to test your patchset, preferably on RELENG_6, that's what's
> > on the CF-Cards and what I'd like to use for production service.
> >
> > Thanks a lot,
> >
> > -Harry (Emanuel is just the fake ID I use for mailing lists)
>
> So hi Harry :-)
>
> By curiosity, I had a look to see if it would be a lot of work to get my
> patch to work on -CURRENT, and it turned out it was not as painful as I
> feared (it was still long enough to make my girlfriend unhappy, but well
> :)) So here is the patch, against -RELENG_6 (I didn't test it under
> RELENG_6, as I have no RELENG_6 box, shame on me, but I suspect it'll
> work as well). It has to be applied in src/. You'll of course have to
> recompile your kernel, but you can skip the "make world" part by just
> copying sys/sys/jail.h into /usr/include/sys and doing cd
> /usr/src/usr.sbin/jail && make depend all install
>
> It basically adds a -6 optional flag to the jail command, which takes
> the v6 addr you want to use as an argument. I did a quick test on my
> laptop, it seems to still work. Beware however, I don't know the v6 code
> well enough to warrant you you will be as secure as with a classic v4
> jail. That's why I wanted a proper review of this code before committing
> it. I certainly hope it's the case, though.
>
> Tell me how it goes once you're done with your IPv6 setup. If all goes

Hello Olivier,

a little late but finally I'm about to set up an IPv6-only
environment. I'm using RELENG_6 from today with your patch but
unfortunately the jail doesn't "bind" to one ip6 address.

gune:~#7: netstat -a | grep ssh
tcp4       0      0  0.0.0.2.ssh            *.*                    LISTEN
tcp6       0      0  *.ssh                  *.*                    LISTEN
tcp6       0      0  fec0::1:0:0:2:1.ssh    *.*                    LISTEN

See the second line, it's the ssh daemon running in the jail. I can connect
to it also by ssh to fec0::2:0:0:1:5 although ifconfig inside the jail
shows: (only fec0::2:0:0:1:2)

fxp0: flags=8843 mtu 1500
        options=8
        inet6 fec0::2:0:0:1:2 prefixlen 64
        ether 00:e0:18:06:ad:59
        media: Ethernet autoselect (100baseTX )
        status: active
em0: flags=8843 mtu 1500
        options=b
        ether 00:0e:0c:34:2b:f8
        media: Ethernet autoselect (1000baseTX )
        status: active
fwe0: flags=108943 mtu 1500
        options=8
        ether 02:01:08:01:ea:60
        ch 1 dma 0
lo0: flags=8049 mtu 16384

Unfortunately I couldn't find a way to redirect IPv4 addresses to IPv6 with
pf on my router, so at the moment I won't keep using IPv6 with my jails,
but I'd highly appreciate ongoing IPv6 support :)

Do you know anything about the network virtualization project? Will it be
adopted to -current? (http://tel.fer.hr/zec/vimage/)

Thanks a lot,

-Harry

> well, I'll try harder to get it into the tree, if somebody else than
> myself actually wants it :-)
>
> Cheers,
>
> Olivier
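
Added example, not part of the original message or of the patch it discusses: a check for the symptom reported above, a LISTEN socket bound to the wildcard address instead of a single jail address, run over the three netstat lines quoted in the message. The function names `wildcard_listeners` and `check_bound` are hypothetical.

```shell
#!/bin/sh
# Added example: flag LISTEN sockets bound to the wildcard address in
# FreeBSD-style netstat output ("addr.port" in the local-address column).

# Sample input: the three netstat lines quoted in the message above.
SAMPLE='tcp4 0 0 0.0.0.2.ssh *.* LISTEN
tcp6 0 0 *.ssh *.* LISTEN
tcp6 0 0 fec0::1:0:0:2:1.ssh *.* LISTEN'

# wildcard_listeners: read netstat lines on stdin and print "proto port"
# for every TCP listener whose local address is "*".
wildcard_listeners() {
    awk '
        $NF == "LISTEN" && $1 ~ /^tcp/ {
            la = $4
            port = la; sub(/^.*\./, "", port)     # text after the last dot
            addr = la; sub(/\.[^.]*$/, "", addr)  # text before the last dot
            if (addr == "*") print $1, port
        }'
}

# check_bound PROTO: succeed only if no PROTO listener on stdin is bound
# to the wildcard address; report offenders on stderr otherwise.
check_bound() {
    proto=$1
    hits=$(wildcard_listeners | awk -v p="$proto" '$1 == p')
    if [ -n "$hits" ]; then
        echo "wildcard listener(s): $hits" >&2
        return 1
    fi
    return 0
}

# Stand-alone run over the sample: reports the tcp6 ssh listener.
printf '%s\n' "$SAMPLE" | wildcard_listeners
```

netstat alone does not show which jail owns a socket, so a hit only says that some listener is reachable on every address of that family; the message identifies the `tcp6 *.ssh` entry as the jailed sshd.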