Date:      Wed, 28 Dec 2005 18:17:05 +0100
From:      Harald Schmalzbauer <harry@schmalzbauer.de>
To:        Olivier Houchard <cognet@ci0.org>
Cc:        freebsd-current@freebsd.org, Marko Zec <zec@icir.org>
Subject:   Re: Jails with IP6 addresses?
Message-ID:  <200512281817.12715@harrymail>
In-Reply-To: <20050812235432.GA88046@ci0.org>
References:  <200508122159.01324@harrymail> <200508122219.34443@harrymail> <20050812235432.GA88046@ci0.org>

On Saturday, 13 August 2005 01:54 CEST, Olivier Houchard wrote:
> On Fri, Aug 12, 2005 at 10:19:24PM +0200, Harald Schmalzbauer wrote:
> > Hi Olivier,
> >
> > I have some more things to make clear with IPv6 so I'm quite sure I'll
> > need more than a week to make the new systems productive.
> > I'd love to test your patchset, preferably on RELENG_6, that's what's
> > on the CF-Cards and what I'd like to use for production service.
> >
> > Thanks a lot,
> >
> > -Harry (Emanuel is just the fake ID I use for mailinglists)
>
> So hi Harry :-)
>
> By curiosity, I had a look to see if it would be a lot of work to get my
> patch to work on -CURRENT, and it turned out it was not as painful as I
> feared (it was still long enough to make my girlfriend unhappy, but well
> :)) So here is the patch, against -RELENG_6 (I didn't test it under
> RELENG_6, as I have no RELENG_6 box, shame on me, but I suspect it'll
> work as well). It has to be applied in src/. You'll of course have to
> recompile your kernel, but you can skip the "make world" part by just
> copying sys/sys/jail.h into /usr/include/sys and doing cd
> /usr/src/usr.sbin/jail && make depend all install
>
> It basically adds a -6 optional flag to the jail command, which takes
> the v6 addr you want to use as an argument. I did a quick test on my
> laptop, it seems to still work. Beware however, I don't know the v6 code
> well enough to warrant you you will be as secure as with a classic v4
> jail. That's why I wanted a proper review of this code before committing
> it. I certainly hope it's the case, though.
>
> Tell me how it goes once you're done with your IPv6 setup. If all goes

Hello Olivier, a little late but finally I'm about to set up an IPv6-only
environment. I'm using RELENG_6 from today with your patch but
unfortunately the jail doesn't "bind" to one ip6 address.

gune:~#7: netstat -a | grep ssh
tcp4       0      0  0.0.0.2.ssh            *.*                    LISTEN
tcp6       0      0  *.ssh                  *.*                    LISTEN
tcp6       0      0  fec0::1:0:0:2:1.ssh    *.*                    LISTEN

See the second line, it's the ssh daemon running in the jail. I can connect
to it also by ssh to fec0::2:0:0:1:5 although ifconfig inside the jail
shows: (only fec0::2:0:0:1:2)

fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet6 fec0::2:0:0:1:2 prefixlen 64
        ether 00:e0:18:06:ad:59
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        ether 00:0e:0c:34:2b:f8
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
fwe0: flags=108943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
        options=8<VLAN_MTU>
        ether 02:01:08:01:ea:60
        ch 1 dma 0
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

Unfortunately I couldn't find a way to redirect IPv4 addresses to IPv6 with
pf on my router, so at the moment I won't keep using IPv6 with my jails,
but I'd highly appreciate ongoing IPv6 support :)
Do you know anything about the network virtualization project? Will it be
adopted to -current? (http://tel.fer.hr/zec/vimage/)

Thanks a lot,

-Harry

> well, I'll try harder to get it into the tree, if somebody else than
> myself actually wants it :-)
>
> Cheers,
>
> Olivier
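
Added example, not part of the original message or of the patch under discussion: a small audit check over FreeBSD `netstat -a` output that reports which listening sockets would accept a connection to a given address, using the three listener lines and the addresses quoted in the message. The function names are hypothetical.

```python
import ipaddress

# The three listener lines from the message's `netstat -a | grep ssh` output.
SAMPLE = """\
tcp4       0      0  0.0.0.2.ssh            *.*                    LISTEN
tcp6       0      0  *.ssh                  *.*                    LISTEN
tcp6       0      0  fec0::1:0:0:2:1.ssh    *.*                    LISTEN
"""


def parse_listeners(text):
    """Yield (proto, address, port) for each LISTEN line of netstat output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[-1] != "LISTEN":
            continue
        proto, local = fields[0], fields[3]
        # FreeBSD prints the local end as "address.port"; the port follows
        # the last dot, and "*" as the address means a wildcard bind.
        addr, _, port = local.rpartition(".")
        yield proto, addr, port


def accepts(bound_addr, target):
    """True if a socket bound to bound_addr takes connections sent to target."""
    if bound_addr == "*":
        return True  # wildcard: every address configured on the stack
    return ipaddress.ip_address(bound_addr) == ipaddress.ip_address(target)


def listeners_accepting(text, proto, target):
    """Return (address, port) of listeners of `proto` that accept `target`."""
    return [(addr, port) for p, addr, port in parse_listeners(text)
            if p == proto and accepts(addr, target)]


if __name__ == "__main__":
    # fec0::2:0:0:1:5 is not the jail's address (ifconfig in the jail shows
    # only fec0::2:0:0:1:2), yet the wildcard tcp6 listener still covers it.
    for addr, port in listeners_accepting(SAMPLE, "tcp6", "fec0::2:0:0:1:5"):
        print(f"tcp6 {addr}.{port} accepts connections to fec0::2:0:0:1:5")
```

A jailed daemon that is confined to its address should show up in this output bound to that address, not to `*`.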
