From: James Gritton
To: freebsd-jail@freebsd.org
Subject: Re: jail sshd ipv6 error
Date: Wed, 26 Apr 2017 09:11:27 -0600

On 2017-04-26 00:32, Ørjan Tønder wrote:
> Apr 26 08:12:04 irssi sshd[41415]: error: Bind to port 22 on
> 2001:dead:beef:0:dacb:8aff:feea:9 failed: Can't assign requested
> address.
> Apr 26 08:12:04 irssi sshd[41415]: fatal: Cannot bind any address.
>
> this is solved by
>
> net.inet6.ip6.dad_count: 1 -> 0
>
> what am i actually disabling here?
>
> And why are sshd inside jails not able to bind address dad_count is
> enabled?

There's some kind of clash between IPv6 neighbor discovery and jails, which is so far only worked around and not fixed. I'm not sure of the mechanics of it since I'm IPv6-less myself, but setting dad_count to zero makes sense as it would let an address be immediately configured without waiting for some kind of external confirmation. It seems this is really geared toward dynamic addresses, which jails seldom have (if they do, they're likely using vnet).

In particular, what you're disabling is the sending out of a neighbor solicitation message that makes sure no one else is using the address you're setting. So if you know your configuration is correct there should be no worries.

- Jamie
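
An added example, not part of the original message and not FreeBSD project code: a way to keep duplicate address detection enabled and have a start script wait until the address is usable before sshd binds to it. It assumes the bind failure occurs while ifconfig(8) still flags the address as "tentative", which the thread does not confirm; the interface name, the second IPv6 address, the IFCONFIG override and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed ifconfig(8) output: the first inet6 address is the one from the
# log above, everything else (interface, other addresses) is made up.
SAMPLE_IFCONFIG='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet6 2001:dead:beef:0:dacb:8aff:feea:9 prefixlen 64 tentative
    inet6 2001:dead:beef:0:dacb:8aff:feea:a prefixlen 64
    inet6 fe80::1%em0 prefixlen 64 scopeid 0x1
    inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255'

# Print every inet6 address on stdin that still carries the "tentative" flag.
tentative_addrs() {
    awk '$1 == "inet6" {
             for (i = 3; i <= NF; i++)
                 if ($i == "tentative") { print $2; break }
         }'
}

# Exit status for address $1 in the ifconfig output on stdin:
#   0 = configured and usable, 1 = still tentative, 2 = not configured.
addr_state() {
    awk -v want="$1" '
        $1 == "inet6" && $2 == want {
            found = 1
            for (i = 3; i <= NF; i++) if ($i == "tentative") tent = 1
        }
        END { if (!found) exit 2; exit (tent ? 1 : 0) }'
}

# Poll once per second, up to $2 attempts (default 5), until address $1 is
# usable. IFCONFIG is a hypothetical override so the check can be tested.
wait_for_addr() {
    addr=$1; tries=${2:-5}
    while :; do
        ${IFCONFIG:-ifconfig} | addr_state "$addr" && return 0
        tries=$((tries - 1))
        [ "$tries" -gt 0 ] || return 1
        sleep 1
    done
}

# Demonstration on the constructed sample: lists the one tentative address.
printf '%s\n' "$SAMPLE_IFCONFIG" | tentative_addrs
```

A start script could call wait_for_addr with the jail's address before launching sshd and leave net.inet6.ip6.dad_count at its default.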