Not getting an IPv6 in a jail

FLEURIOT Damien ml-SPAM at my.gd
Tue Sep 1 21:46:10 UTC 2009 

On Tue, Sep 01, 2009 at 10:13:45PM +0200 or thereabouts, John Hay wrote:
> On Tue, Sep 01, 2009 at 09:30:15PM +0200, Major Domo wrote:
> > Hello list,
> > 
> > 
> > Apologies if this has been discussed already but I searched the web
> > and the mailing lists and haven't found hints on my problem.
> > 
> > I've got a jail, I assign it a set of IP addresses, and it just won't
> > take the IP6 I give it.
> > 
> > 
> > Uname:
> > FreeBSD 7.2-STABLE
> > 
> > 
> > Sysctl jail MIBs:
> > security.jail.jail_max_af_ips: 255
> > security.jail.mount_allowed: 0
> > security.jail.chflags_allowed: 0
> > security.jail.allow_raw_sockets: 1
> > security.jail.enforce_statfs: 2
> > security.jail.sysvipc_allowed: 0
> > security.jail.socket_unixiproute_only: 1
> > security.jail.set_hostname_allowed: 0
> > 
> > 
> > /etc/rc.conf settings:
> > jail_enable="YES"
> > jail_set_hostname_allow="NO"
> > jail_list="ns"
> > jail_ns_interface="lo252"
> > jail_ns_hostname="[snip]"
> > jail_ns_ip="192.168.0.252,fe80::c0a8:fc"
> > jail_ns_rootdir="/var/jail/ns"
> > jail_ns_devfs_enable="YES"
> > 
> > 
> > jls -v:
> >    JID  Hostname                      Path
> >         Name                          State
> >         CPUSetID
> >         IP Address(es)
> >     23  [snip]                      /var/jail/ns
> >                                       ALIVE
> >         2
> >         192.168.0.252
> >         fe80::c0a8:fc
> > 
> > 
> > ifconfig lo252 from the host:
> > lo252: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> >         inet 192.168.0.252 netmask 0xffffffff
> >         inet6 fe80::c0a8:fc%lo252 prefixlen 128 scopeid 0x5
> > 
> > 
> > ifconfig from the jail:
> > re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> >         options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
> >         ether 00:e0:f4:19:e9:d2
> >         media: Ethernet autoselect (100baseTX <full-duplex>)
> >         status: active
> > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> > pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33204
> > lo252: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> >         inet 192.168.0.252 netmask 0xffffffff
> > 
> > 
> > ping6 from the host:
> > PING6(56=40+8+8 bytes) fe80::c0a8:fc%lo252 --> fe80::c0a8:fc%lo252
> > 16 bytes from fe80::c0a8:fc%lo252, icmp_seq=0 hlim=64 time=0.082 ms
> > 
> > 
> > I fail to see what could be going wrong :(
> > 
> > Any pointers please ?
> 
> I have not used jails with link-local addresses, only global addresses
> and that works. It looks like you did not specify the whole link-local
> address in the jail_*_ip line. You need to add the %interface for a
> proper ipv6 link-local address, eg. fe80::c0a8:fc%lo252. Not everything
> works with link-local addresses though and jail might be one of them.
> 
> John
> -- 
> John Hay -- jhay at meraka.csir.co.za / jhay at FreeBSD.org


Thanks for the hint John, I just tried by appending the interface %
and it still won't work any better:

rc.conf:
jail_ns_ip="192.168.0.252,fe80::c0a8:fc%lo252"

jls -v output doesn't change.
ifconfig output within the jail doesn't change.
ifconfig output on the host's lo252 doesn't change.

I'm afraid I don't have spare IP6s to assign to my public interface
so I can't test much more.


--
Damien Fleuriot

More information about the freebsd-stable mailing list