Date:      Wed, 18 Mar 2020 16:37:45 +0100
From:      Miroslav Lachman <000.fbsd@quip.cz>
To:        Victor Sudakov <vas@sibptus.ru>, freebsd-questions@freebsd.org
Cc:        freebsd-net@freebsd.org
Subject:   Re: IPv6 in jails
Message-ID:  <2dd539ed-0ee3-079b-27b2-28126056c69a@quip.cz>
In-Reply-To: <20200318151556.GA64871@admin.sibptus.ru>
References:  <20200318151556.GA64871@admin.sibptus.ru>

Victor Sudakov wrote on 2020/03/18 16:15:
> Dear Colleagues,
> 
> Is IPv6 in jails supposed to work? Does not work for me, what am I doing
> wrong?
> 
> Here is a test jail:
> 
> test4 {
>          path = /d02/jails/test4 ;
>          mount.devfs;
>          ip4 = new;
>          ip6 = new;
>          ip4.addr = 192.168.4.204/24;
>          ip6.addr = 2001:470:ecba:3::4/64;
>          host.hostname = test4.vas.sibptus.ru ;
>          interface = re1 ;
>          allow.raw_sockets = true ;
>          exec.start = "/bin/sh /etc/rc";
>          exec.stop = "/bin/sh /etc/rc.shutdown";
> }
> 
> However when I look from inside the jail, I see the daemons listening
> only on IPv4:
> 
> root@test4:/ # sockstat -l
> USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
> root     sendmail   17178 3  tcp4   192.168.4.204:25      *:*
> root     sshd       17175 3  tcp4   192.168.4.204:22      *:*
> root     syslogd    17110 5  udp4   192.168.4.204:514     *:*
> 
> If I "ssh 2001:470:ecba:3::4" from outside, I get into the host instead
> of the jail (because 2001:470:ecba:3::4 *is* assigned to re1, but not
> available inside the jail).

If sshd in the host is configured to listen on all available interfaces 
and addresses (the default) then it will catch your jail's IP too.
You must configure sshd in the host to listen only on host's IP and then 
you will connect to the jail's sshd.

What is your sshd_config in the host and in the jail? The following 
configuration directives must be set right.

Port
AddressFamily
ListenAddress


Miroslav Lachman
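
Added example, not part of the original message: a small sh/awk check for the situation described above, listing the ports where a wildcard listener on the host would answer for a jail address because the jail has no socket of its own there. The host-side listing is constructed for illustration, the jail-side listing is the one quoted in the thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Host-side `sockstat -l` text, constructed for this example.
HOST_SOCKS='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       901   3  tcp6   *:22                  *:*
root     sshd       901   4  tcp4   *:22                  *:*
root     syslogd    655   6  udp4   192.0.2.10:514        *:*'
# Jail-side listing, copied from the quoted message.
JAIL_SOCKS='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   17178 3  tcp4   192.168.4.204:25      *:*
root     sshd       17175 3  tcp4   192.168.4.204:22      *:*
root     syslogd    17110 5  udp4   192.168.4.204:514     *:*'

# Print "command proto port" for each socket bound to the wildcard address.
wildcard_listeners() {
    awk 'NR > 1 && $5 ~ /^(tcp|udp)[46]+$/ {
        n = split($6, part, ":")                 # port is the last field
        addr = substr($6, 1, length($6) - length(part[n]) - 1)
        if (addr == "*") print $2, $5, part[n]
    }' | sort -u
}

# Succeed if stdin lists a socket of transport $1 bound to exactly $2:$3.
jail_has_listener() {
    awk -v tr="$1" -v want="$2:$3" \
        'NR > 1 && index($5, tr) == 1 && $6 == want { hit = 1 } END { exit !hit }'
}

# shadowed_ports HOST_TEXT JAIL_TEXT JAIL_ADDR
# List host wildcard listeners of JAIL_ADDR's family that the jail does not
# cover with its own socket on JAIL_ADDR.
shadowed_ports() {
    case "$3" in *:*) fam=6 ;; *) fam=4 ;; esac
    printf '%s\n' "$1" | wildcard_listeners | while read -r cmd proto port; do
        case "$proto" in *"$fam"*) ;; *) continue ;; esac
        printf '%s\n' "$2" | jail_has_listener "${proto%%[46]*}" "$3" "$port" ||
            echo "$cmd $proto $port"
    done
}

shadowed_ports "$HOST_SOCKS" "$JAIL_SOCKS" "2001:470:ecba:3::4"   # sshd tcp6 22
shadowed_ports "$HOST_SOCKS" "$JAIL_SOCKS" "192.168.4.204"        # prints nothing
```

On a real system the two listings would come from `sockstat -l` run on the host and inside the jail.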
