Date: Wed, 26 Apr 2017 09:11:27 -0600 From: James Gritton <jamie@gritton.org> To: freebsd-jail@freebsd.org Subject: Re: jail sshd ipv6 error Message-ID: <ff76e419d6b5331071cb7cf40d351c21@gritton.org> In-Reply-To: <CABx0kFGyqLOt9mc3OwW-w9Qb7aHLE-ckhxksM4hJDjtZonep8g@mail.gmail.com> References: <CABx0kFGyqLOt9mc3OwW-w9Qb7aHLE-ckhxksM4hJDjtZonep8g@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2017-04-26 00:32, Ørjan Tønder wrote: > Apr 26 08:12:04 irssi sshd[41415]: error: Bind to port 22 on > 2001:dead:beef:0:dacb:8aff:feea:9 failed: Can't assign requested > address. > Apr 26 08:12:04 irssi sshd[41415]: fatal: Cannot bind any address. > > this is solved by > > net.inet6.ip6.dad_count: 1 -> 0 > > what am i actually disabling here? > > And why are sshd inside jails not able too bind address dad_count is > enabled? There's some kind of clash between IPv6 neighbor discovery and jails, which is so far only worked around and not fixed. I'm not sure of the mechanics of it since I'm IPv6-less myself, but setting dad_count to zero makes sense as it would let an address be immediately configured without waiting for some kind of external confirmation. It seems this is really geared toward dynamic addresses, which jails seldom have (if they do, they're likely using vnet). In particular, what you're disabling is the sending out of a neighbor solicitation message that makes sure no one else is using the address you're setting. So if you know your configuration is correct there should be no worries. - Jamie
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ff76e419d6b5331071cb7cf40d351c21>