Date: Wed, 18 Mar 2020 17:48:36 +0100
From: Jacques Foucry
To: Victor Sudakov
Cc: freebsd-questions@freebsd.org, freebsd-net@freebsd.org
Subject: Re: IPv6 in jails
Message-ID: <20200318164836.GO25617@foucry.net>
In-Reply-To: <20200318151556.GA64871@admin.sibptus.ru>

On Wednesday 18 March 2020 at 22:15:56 (+0700), Victor Sudakov wrote:
> Dear Colleagues,

Hello Victor,

>
> Is IPv6 in jails supposed to work? Does not work for me, what am I doing
> wrong?

It is supposed to work, and it works for me.

>
> Here is a test jail:
>
> test4 {
>         path = /d02/jails/test4 ;
>         mount.devfs;
>         ip4 = new;
>         ip6 = new;
>         ip4.addr = 192.168.4.204/24;
>         ip6.addr = 2001:470:ecba:3::4/64;
>         host.hostname = test4.vas.sibptus.ru ;
>         interface = re1 ;
>         allow.raw_sockets = true ;
>         exec.start = "/bin/sh /etc/rc";
>         exec.stop = "/bin/sh /etc/rc.shutdown";
> }

Well, there is a difference between your config and mine:

ip6.addr="em0|2a01:4f9:4a:1fd8::16/64";

In my config there is the interface to use (em0 in my case; it should be re1
in yours).

>
> However when I look from inside the jail, I see the daemons listening
> only on IPv4:
>
> root@test4:/ # sockstat -l
> USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
> root     sendmail   17178 3  tcp4   192.168.4.204:25      *:*
> root     sshd       17175 3  tcp4   192.168.4.204:22      *:*
> root     syslogd    17110 5  udp4   192.168.4.204:514     *:*
>
> If I "ssh 2001:470:ecba:3::4" from outside, I get into the host instead
> of the jail (because 2001:470:ecba:3::4 *is* assigned to re1, but not
> available inside the jail).

Hope my small experience can help you.

-- 
Jacques Foucry
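
Added example (not part of the original message and not FreeBSD project code): a POSIX sh helper that automates the check done by eye in the quoted listing, reading `sockstat -l` output on stdin and printing each configured jail address that no listening socket covers. The function name unserved_addrs and both sample listings are constructed here; addresses are compared as text, so pass them in the form sockstat prints them.

```shell
#!/bin/sh
# Added example, not from the original thread.
# stdin : output of `sockstat -l` taken inside the jail
# args  : the addresses configured for the jail (ip4.addr / ip6.addr, no prefix length)
# stdout: every argument that no listening socket covers

unserved_addrs() {
    awk -v want="$*" '
    NR == 1 { next }                          # header line
    $5 ~ /^(tcp|udp)/ {
        addr = $6
        sub(/:[^:]*$/, "", addr)              # drop ":port"; IPv6 text keeps its own colons
        if (addr == "*") {                    # wildcard bind covers the whole family
            if ($5 ~ /4/) wild4 = 1           # tcp4, udp4, tcp46
            if ($5 ~ /6/) wild6 = 1           # tcp6, udp6, tcp46
        } else {
            bound[addr] = 1
        }
    }
    END {
        n = split(want, w, " ")
        for (i = 1; i <= n; i++) {
            covered = bound[w[i]] || (index(w[i], ":") ? wild6 : wild4)
            if (!covered) print w[i]
        }
    }'
}

# Constructed sample: the IPv4-only listing quoted in the thread.
SAMPLE_V4_ONLY='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   17178 3  tcp4   192.168.4.204:25      *:*
root     sshd       17175 3  tcp4   192.168.4.204:22      *:*
root     syslogd    17110 5  udp4   192.168.4.204:514     *:*'

# Constructed sample: the same listing with a hypothetical tcp6 sshd socket added.
SAMPLE_DUAL="$SAMPLE_V4_ONLY
root     sshd       17175 4  tcp6   2001:470:ecba:3::4:22 *:*"

# Demo: reports the IPv6 address as having no listener.
printf '%s\n' "$SAMPLE_V4_ONLY" | unserved_addrs 192.168.4.204 2001:470:ecba:3::4
```

On a live host the listing would come from `jexec test4 sockstat -l` piped into the function.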