IPv6 only Jails cannot connect to the outside world

Niklaas Baudet von Gersdorff niklaas at kulturflatrate.net
Sat Oct 24 20:45:46 UTC 2015


On 06/10/15 12:15, Trond Endrestøl wrote:
> local_unbound is in base, if you prefer to limit the number of 
> installed ports in each jail.
> 
> Just add local_unbound_enable="YES" to each jail's /etc/rc.conf.
> 
> Start the local_unbound service, and let it create its files in 
> /var/unbound. Stop the unbound service.
> 
> Edit /var/unbound/forward.conf to your heart's content. Add as many 
> "forward-addr:" statements as you need below "name: .". See 
> unbound.conf(5) for more information.
> 
> You might want to verify the settings in /etc/resolv.conf and 
> /etc/resolvconf.conf.
> 
> Start the unbound service, and check the resolver using host, 
> ping{,6}, traceroute{,6} ...
> 
> Once you get one jail running as desired, just copy the configuration 
> files, save /etc/rc.conf, to the other jails.

I finally took a closer look at this.

Unfortunately, I was not able to set this up within the jails, but what I
did was install dns/unbound on the host and set it as the IPv4 and IPv6
name server in each jail in `/etc/resolv.conf`.

Is there a good reason not to do this and to prefer the local_unbound
version in each jail as described by Trond (thanks again)? Maybe because
of security concerns?

-- 
Niklaas
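
As an added example (not part of the thread or of FreeBSD's tooling), this shell script checks the two files discussed above, /var/unbound/forward.conf from Trond's steps and /etc/resolv.conf from Niklaas's setup, for IPv4 resolver addresses that a jail with no IPv4 address cannot reach. The function names, the sample file contents and the addresses (documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All addresses are constructed and
# taken from documentation ranges (192.0.2.0/24, 2001:db8::/32).

# Print the address after each "<keyword> <addr>" line of a config file,
# dropping any "@port" suffix and trailing "#" text.
conf_addrs() {   # $1 = file, $2 = keyword: "forward-addr:" or "nameserver"
    sed -n "s/^[[:space:]]*$2[[:space:]]*\([^[:space:]#@]*\).*/\1/p" "$1"
}

# An address containing ":" is IPv6; anything else is treated as IPv4.
addr_family() {
    case "$1" in
        *:*) echo inet6 ;;
        *)   echo inet ;;
    esac
}

# Print the IPv4 resolvers in a file; a jail without an IPv4 address
# cannot reach them. Returns 1 if any were found, 0 otherwise.
ipv4_only_resolvers() {   # $1 = file, $2 = keyword
    found=0
    for addr in $(conf_addrs "$1" "$2"); do
        if [ "$(addr_family "$addr")" = inet ]; then
            echo "$addr"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample files standing in for a jail's configuration.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/forward.conf" <<'EOF'
forward-zone:
        name: .
        forward-addr: 2001:db8::53
        forward-addr: 192.0.2.53@53   # IPv4 forwarder
EOF
cat > "$SAMPLE_DIR/resolv.conf" <<'EOF'
nameserver 2001:db8::1
nameserver 192.0.2.1
EOF

# Report per file; "|| true" keeps the loop going when entries are found.
for spec in "forward.conf forward-addr:" "resolv.conf nameserver"; do
    set -- $spec
    { ipv4_only_resolvers "$SAMPLE_DIR/$1" "$2" || true; } |
        sed "s|^|$1: not reachable without an IPv4 address: |"
done
```

To audit a real jail, call `ipv4_only_resolvers` with the jail's own file paths in place of the sample directory.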


More information about the freebsd-questions mailing list