Jails - IPv4 and IPv6

Ernie Luzar luzar722 at gmail.com
Tue Aug 7 20:13:19 UTC 2018

Philipp Vlassakakis wrote:
>> Am 06.08.2018 um 20:21 schrieb Shamim Shahriar <shamim.shahriar at gmail.com>:
>> Hi Philipp
>> I'm using both IPv4 and IPv6 in my vNet jails. The IPv4 gets configured via the jail.conf, while v6 is via rc.conf from inside the jail, two lines to define v6 on epair and the gw as well. If you need, u can send you the configurations later.
>> They are quite stable, the pf on the hosts controls the access, works as expected.
>> Regards
> I would like to configure the IP addresses outside the jails, because customers may access these jails and I don't want customers to be able to simply change the IP addresses which might lead to the Jail being unreachable from the „outside“.

There are many different ways to configure non-vnet jails to use IPV6 
addresses. The whole purposes of jails is to contain any user of that 
jail to the jail. Defining ip address in the rc.conf of the jail is not 
the way to do it. For jail security jail.conf is where IPV6 & IPV4 
addresses are assigned to the jail. As long as you don't give jail users 
access to the host where the jail is run on, jail users will not be able 
to change the jail's IP addresses and have it work.

More information about the freebsd-questions mailing list