Not getting an IPv6 in a jail

Mark Andrews marka at isc.org
Wed Sep 2 23:04:36 UTC 2009


In message <20090902160440.GA28417 at sd-13813.dedibox.fr>, FLEURIOT Damien writes:
> On Tue, Sep 01, 2009 at 08:15:24PM +0000 or thereabouts, Bjoern A. Zeeb wrote:
> > On Tue, 1 Sep 2009, Major Domo wrote:
> > 
> > Hi,
> > 
> > >Apologies if this has been discussed already but I searched the web
> > >and the mailing lists and haven't found hints on my problem.
> > >
> > >I've got a jail, I assign it a set of IP addresses, and it just won't
> > >take the IP6 I give it.
> > >
> > >
> > >Uname:
> > >FreeBSD 7.2-STABLE
> > >
> > >jail_ns_ip="192.168.0.252,fe80::c0a8:fc"
> > >
> > >jls -v:
> > >  JID  Hostname                      Path
> > >       Name                          State
> > >       CPUSetID
> > >       IP Address(es)
> > >   23  [snip]                      /var/jail/ns
> > >                                     ALIVE
> > >       2
> > >       192.168.0.252
> > >       fe80::c0a8:fc
> > >
> > >
> > >ifconfig lo252 from the host:
> > >lo252: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> > >       inet 192.168.0.252 netmask 0xffffffff
> > >       inet6 fe80::c0a8:fc%lo252 prefixlen 128 scopeid 0x5
> > >
> > >
> > >ifconfig from the jail:
> > >re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> > >       options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
> > >       ether 00:e0:f4:19:e9:d2
> > >       media: Ethernet autoselect (100baseTX <full-duplex>)
> > >       status: active
> > >lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> > >pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33204
> > >lo252: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> > >       inet 192.168.0.252 netmask 0xffffffff
> > 
> > 
> > This is a rather special case.  For link-local addresses you have to
> > give the scope as well but it won't take the scope with the %lo252
> > notation but only in the KAME in-kernel syntax I would assume.
> > Can you try:
> > 
> > jail_ns_ip="192.168.0.252,fe80:5::c0a8:fc"
> > 
> > Note the added 5 in the second group of hex digits.  That five is the
> > interface index.  I took it from the "scopeid 0x5". In case your
> > interface index changes you will need to adjust the address.
> > 
> > I cannot say if it'll work but it would be worth a try.
> > 
> > /bz
> > 
> > -- 
> > Bjoern A. Zeeb           What was I talking about and who are you again?
> 
> 
> Hi list, Bjoern, John,
> 
> 
> I confirm it is now working with the following line in /etc/rc.conf:
> jail_ns_ip="192.168.0.252,fec0:5::df:252"
> 
> along with redirections in /etc/pf.conf:
> rdr pass log on $ext_if inet proto {tcp,udp} to $ext_if port 53 -> $lo252_if port 53
> rdr pass log on $ext_if inet6 proto {tcp,udp} to $ext_if port 53 -> $lo252_if port 53
> 
> 
> Notice the use of both the interface's index and a site-local ip6
> address instead of the old fe80 as suggested.
> 
> BIND's now happily running in its jail and responding to public
> queries.
> 
> 
> Perhaps a small addition to the jails entry in the Handbook to
> advise people about the use of IP6 addresses on loopback interfaces
> would be warranted ?
> 
> I realize how lousy it is to NAT IP6 but my host assigns only 1
> IP6 address per server.

Then complain.  There is no reason to be miserly with IPv6 addresses.

> Thanks for the help !
> 
> Regards
> 
> --
> Damien
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
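
The rewrite Bjoern describes in the quoted text (moving the interface index from "scopeid 0x5" into the second group of a link-local address) can be scripted; the following is an added example, not part of the original thread. The function names are hypothetical, and it assumes the embedding applies only to fe80::/10 addresses, as in his suggestion.

```python
import ipaddress
import re

# Constructed sample: the host-side ifconfig output quoted in the thread.
SAMPLE_IFCONFIG = """\
lo252: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
       inet 192.168.0.252 netmask 0xffffffff
       inet6 fe80::c0a8:fc%lo252 prefixlen 128 scopeid 0x5
"""

LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")
INET6_RE = re.compile(
    r"^\s*inet6\s+(\S+)\s+prefixlen\s+\d+(?:\s+scopeid\s+(0x[0-9a-fA-F]+))?",
    re.M,
)


def embed_scope(addr, scope_id):
    """Return addr with the interface index written into bytes 2-3.

    Non-link-local addresses are returned unchanged (assumption: only
    fe80::/10 needs the embedded form discussed in the thread).
    """
    ip = ipaddress.IPv6Address(addr.split("%", 1)[0])  # drop any %ifname
    if ip not in LINK_LOCAL:
        return str(ip)
    if not 0 < scope_id <= 0xFFFF:
        raise ValueError("link-local address needs a scope id in 1..65535")
    raw = bytearray(ip.packed)
    if raw[2] or raw[3]:
        raise ValueError("second group is already non-zero: %s" % ip)
    raw[2:4] = scope_id.to_bytes(2, "big")
    return str(ipaddress.IPv6Address(bytes(raw)))


def jail_ip6_from_ifconfig(text):
    """Collect inet6 addresses from ifconfig output in embedded-scope form."""
    result = []
    for addr, scope in INET6_RE.findall(text):
        scope_id = int(scope, 16) if scope else 0
        result.append(embed_scope(addr, scope_id))
    return result


if __name__ == "__main__":
    for address in jail_ip6_from_ifconfig(SAMPLE_IFCONFIG):
        print(address)
```

As noted in the quoted reply, the interface index can change, so the value has to be regenerated whenever interfaces are added or reordered.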

