Not getting an IPv6 in a jail
John Hay
jhay at meraka.org.za
Tue Sep 1 20:13:49 UTC 2009
On Tue, Sep 01, 2009 at 09:30:15PM +0200, Major Domo wrote:
> Hello list,
>
>
> Apologies if this has been discussed already but I searched the web
> and the mailing lists and haven't found hints on my problem.
>
> I've got a jail, I assign it a set of IP addresses, and it just won't
> take the IP6 I give it.
>
>
> Uname:
> FreeBSD 7.2-STABLE
>
>
> Sysctl jail MIBs:
> security.jail.jail_max_af_ips: 255
> security.jail.mount_allowed: 0
> security.jail.chflags_allowed: 0
> security.jail.allow_raw_sockets: 1
> security.jail.enforce_statfs: 2
> security.jail.sysvipc_allowed: 0
> security.jail.socket_unixiproute_only: 1
> security.jail.set_hostname_allowed: 0
>
>
> /etc/rc.conf settings:
> jail_enable="YES"
> jail_set_hostname_allow="NO"
> jail_list="ns"
> jail_ns_interface="lo252"
> jail_ns_hostname="[snip]"
> jail_ns_ip="192.168.0.252,fe80::c0a8:fc"
> jail_ns_rootdir="/var/jail/ns"
> jail_ns_devfs_enable="YES"
>
>
> jls -v:
> JID Hostname Path
> Name State
> CPUSetID
> IP Address(es)
> 23 [snip] /var/jail/ns
> ALIVE
> 2
> 192.168.0.252
> fe80::c0a8:fc
>
>
> ifconfig lo252 from the host:
> lo252: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> inet 192.168.0.252 netmask 0xffffffff
> inet6 fe80::c0a8:fc%lo252 prefixlen 128 scopeid 0x5
>
>
> ifconfig from the jail:
> re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
> ether 00:e0:f4:19:e9:d2
> media: Ethernet autoselect (100baseTX <full-duplex>)
> status: active
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33204
> lo252: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> inet 192.168.0.252 netmask 0xffffffff
>
>
> ping6 from the host:
> PING6(56=40+8+8 bytes) fe80::c0a8:fc%lo252 --> fe80::c0a8:fc%lo252
> 16 bytes from fe80::c0a8:fc%lo252, icmp_seq=0 hlim=64 time=0.082 ms
>
>
> I fail to see what could be going wrong :(
>
> Any pointers please ?
I have not used jails with link-local addresses, only global addresses
and that works. It looks like you did not specify the whole link-local
address in the jail_*_ip line. You need to add the %interface for a
proper ipv6 link-local address, eg. fe80::c0a8:fc%lo252. Not everything
works with link-local addresses though and jail might be one of them.
John
--
John Hay -- jhay at meraka.csir.co.za / jhay at FreeBSD.org
More information about the freebsd-stable
mailing list