Jails and IPv6 local loopback

Roger Leigh rleigh at codelibre.net
Sun Aug 28 00:07:39 UTC 2016


On 28/08/16 00:26, Ernie Luzar wrote:
> Roger Leigh wrote:

>> In my case, I haven't set anything related to the loopback interface
>> lo0 for the jail.  The host has working v4 and v6 loopback addresses.
>> The guest has only working v4.  Why not for v6?
>>
>>   interface = "bge0";
>>   ip4.addr = "192.168.1.12";
>>   ip6.addr = "2001:8b0:860:ddbd:3aea:a7ff:feab:7002";
>>   allow.raw_sockets = "1";
>>
>> is the extent of the configuration.  I specify both v4 and v6
>> addresses on bge0.  I don't specify anything loopback-related, so why
>> is it mapping v4 and not v6?  The discrepancy seems a little odd.
>>
>> Is there a solution to the problem at present?  What would the
>> recommended configuration in jail.conf be for obtaining working v4 and
>> v6 addresses on the loopback interface inside the jail?
>>
>
> Previously you posted this as your jail.conf
> bfcpp {
>   host.hostname = "bfcpp.codelibre.net";
>   interface = "bge0";
>   ip4.addr = "192.168.1.12";
>   ip6.addr = "2001:8b0:860:ddbd:3aea:a7ff:feab:7002";
>   allow.raw_sockets = "1";
>   path = "/jail/bfcpp";
>   mount.devfs;
>   mount.fdescfs;
>   mount.procfs;
>   mount.fstab="/etc/fstab.bfcpp";
>   exec.start = "/bin/sh /etc/rc";
>   exec.stop = "/bin/sh /etc/rc.shutdown";
>   exec.clean;
>   exec.jail_user = "root";
>   exec.system_jail_user;
> }
>
> I see no reason for these
>   mount.fdescfs;
>   mount.procfs;
>   exec.clean;
>   exec.jail_user = "root";
>   exec.system_jail_user;
> not the cause of your problem, just not needed.
>
> You're assuming that ping6 is broken just because it's having a problem
> with localhost. Try ping6 against some other box on the lan using its
> ipv6 ip address.

I'm not assuming that ping6 is broken.  The jail has a working v6 global 
address.  ping6 works fine to other hosts using global addresses, and I 
can SSH into the jail from any v6 system using its AAAA record.

% host bfcpp.codelibre.net
bfcpp.codelibre.net has IPv6 address 2001:8b0:860:ddbd:3aea:a7ff:feab:7002

% ssh bfcpp.codelibre.net
Last login: Sat Aug 27 20:23:24 2016 from 7.5.2.1.f.5.e.f.f.f.c.4.4.a.2.6.d.b.d.d.0.6.8.0.0.b.8.0.1.0.0.2.ip6.arpa
FreeBSD 11.0-RC2 (GENERIC) #0 r304729: Wed Aug 24 06:59:03 UTC 2016

The fact that global IPv6 networking is functional is not really 
relevant to the question I asked though.

What I can't do is ping6 the *localhost*, which I mentioned purely to 
demonstrate the lack of a working v6 loopback, and hence I can't run v6 
services on the localhost due to missing the v6 loopback.  This is the 
missing functionality I need, and the question I'm asking here which has 
been unanswered is how to enable that.

> You need to define the host's ipv6 ip address to localhost in the host's
> /etc/hosts file.
>
> You may also have to define the jail's ipv6 ip address to localhost in
> the jail's /etc/hosts file.

This isn't what I want or need I'm afraid.  I do require the loopback 
working on v6 specifically, and not just a tweak to the localhost 
hostname.  Some of the services to be deployed in the jails run on the 
public interfaces, some on the local loopback, and that type of hack 
wouldn't be acceptable for deployment.

Is it possible to enable v6 loopback on lo0 in the jail using jail.conf?


Regards,
Roger


More information about the freebsd-jail mailing list