From owner-freebsd-jail@freebsd.org Wed Apr 26 06:32:32 2017 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 97D2DD50D6F for ; Wed, 26 Apr 2017 06:32:32 +0000 (UTC) (envelope-from orjan.tonder@gmail.com) Received: from mail-it0-x22f.google.com (mail-it0-x22f.google.com [IPv6:2607:f8b0:4001:c0b::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 63E48FB9 for ; Wed, 26 Apr 2017 06:32:32 +0000 (UTC) (envelope-from orjan.tonder@gmail.com) Received: by mail-it0-x22f.google.com with SMTP id g66so33358423ite.1 for ; Tue, 25 Apr 2017 23:32:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=s2G9sovtvdQAsU0uqL+GXvGXNHBGH05+gpSFa/NcrBE=; b=BGk0ycXz56WuRjD0kmzzOO17e12R4/rEtmpIU7m86wo3UKxRUnP1IVIurkVxzg5v+J 77hjTOOXGT1FbmrKgNiQHBGeSmPBnviWZt9L+oqGaHuEhHYjdpCV0NvQ1/9BWc3d4nmq 6ncT/3x1Zs7dDhWXXmc1xH3vwAOL5k0mPYXE4EdlHQGI9R6qsgrabsvqZENXQ4huPoL6 mOdFE9GpHfXIf5eBYmwm/S5Gzut0eJF0y1ezeFw2Rmy7kXFJoLv1DXFMTjEbCbkp/nH3 dwv0Y4tvRCx5CEMP90NyGEDrTVCgH3wTM9JbDJ2Hd4GG2taiJSwj4p9jmM7NGICbmEOw 8BRA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=s2G9sovtvdQAsU0uqL+GXvGXNHBGH05+gpSFa/NcrBE=; b=a45N2yJyUZXsMDt4LBMpsKfwB1x5QxKidlRQAt0+t6x59LXb43i78GbONw+BcS1DUN coJ77wr95pwMZHpN16vjnSQx/TNZdlADNdQxvgaE2EmTOatnfWsGh7/Cy72gjG3uyISa tJhruN9VG+hEi+yYtDZ6b0HErSKhF90UDr0paef48wXU0FzWOX1zEW9oshHxZ1JwGsL6 srjRXt5QoUnR6+DKYEXBTxVetuly6we2umfeLa/DyZYQzBxY89mrv9E1kwbnnXifNNms 8i6uayZAyq4x2WyIyDVXs/HHlEC9+sDCGmmqxCB8O42FNk3bbaYeA+vR5sn887n3C8D/ 8VmA== X-Gm-Message-State: AN3rC/5AooKDvKteVPGRxHs4P28XVK5ecMiBn9fabEdchf507JLFEGc9 qGXPvZdJgiGAhp+mooJOiXJQS3bR1dxIXC4= X-Received: by 10.36.54.129 with SMTP id l123mr9403685itl.50.1493188351596; Tue, 25 Apr 2017 23:32:31 -0700 (PDT) MIME-Version: 1.0 Received: by 10.107.10.24 with HTTP; Tue, 25 Apr 2017 23:32:31 -0700 (PDT) From: =?UTF-8?B?w5hyamFuIFTDuG5kZXI=?= Date: Wed, 26 Apr 2017 08:32:31 +0200 Message-ID: Subject: jail sshd ipv6 error To: freebsd-jail@freebsd.org Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Apr 2017 06:32:32 -0000 Apr 26 08:12:04 irssi sshd[41415]: error: Bind to port 22 on 2001:dead:beef:0:dacb:8aff:feea:9 failed: Can't assign requested address. Apr 26 08:12:04 irssi sshd[41415]: fatal: Cannot bind any address. this is solved by net.inet6.ip6.dad_count: 1 -> 0 what am i actually disabling here? And why are sshd inside jails not able too bind address dad_count is enabled? -- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1 mQENBFUByQgBCAChgKlX3wlCovKXZG//oGdpVCFxiC8X6kSWC2pvdfcxgII/corC o2ndED6Zp9AEzBjT46ilzbwJkxPWB+Qq4oucj5zLSUrWb0pIszCWksFhOKEqJ87D lR0UXBpR5a9+SYqydVgRsyZmHGDAyWnneKvcp6MlYcsqYogC9xYJjK2K0r91f9pn vsQmiLJcNMPVWxQ+w7pEQFtntoHcKbZ0LaEG/hhEN2fOA8SNa3FYQ2bexLVtgFhR q+5VYyO89XWHH20ovoltRUOR7XvXNAY4GT6jMwi7QJ9FTTPFy7v1uGrBJbuDZ2fM gegRMbykNBtadztATpGAw9+be4879Cfzt6d7ABEBAAG0N8OYcmphbiBUw7huZGVy IChyZWFsIG5hbWUga2V5KSA8b3JqYW4udG9uZGVyQGdtYWlsLmNvbT6JATgEEwEC ACIFAlUByQgCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEJVR+IZRCu10 wuMH/2INhf+aLPTdH0xD9DLNQJXlxofhkKZtWxBLeHCcl0lHFjHDC65OQ/pyuqQZ KyevSdRo21uXv72YcAPLuCqxsuIOvpNoUpS36Cat8K8wK0zLS3XQlZI/wvP6qWse W/OYGM2VGuG7Sn5Mjx8BcSiUiAItfNTy+Ao1LIldywOtjHIaKDK5y+Ml4PWkSk1q H77XoIS/6QKDmAQzpOYoNgnR4R4pucHVrriCWW5A3vWktK4prcO8SI3Ci88JmL5v imDITMOFwlNBQD4j7e3T/qwBZ5DGsnQ4s4fe8Xd1sFx4UYRompH485RrUAWLJ+wS 65hEUQ9jx9w/68iDSr5PXI6Peaw= =1oDp -----END PGP PUBLIC KEY BLOCK----- From owner-freebsd-jail@freebsd.org Wed Apr 26 15:19:54 2017 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 98AB1D50D18 for ; Wed, 26 Apr 2017 15:19:54 +0000 (UTC) (envelope-from jamie@gritton.org) Received: from gritton.org (gritton.org [199.192.165.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "gritton.org", Issuer "Let's Encrypt Authority X3" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 71CD61F57 for ; Wed, 26 Apr 2017 15:19:54 +0000 (UTC) (envelope-from jamie@gritton.org) Received: from gritton.org (gritton.org [199.192.165.131]) by gritton.org (8.15.2/8.15.2) with ESMTP id v3QFBRM6093485; Wed, 26 Apr 2017 09:11:27 -0600 (MDT) (envelope-from jamie@gritton.org) Received: (from www@localhost) by gritton.org (8.15.2/8.15.2/Submit) id v3QFBRBY093484; Wed, 26 Apr 2017 09:11:27 -0600 (MDT) (envelope-from jamie@gritton.org) X-Authentication-Warning: gritton.org: www set sender to jamie@gritton.org using -f To: freebsd-jail@freebsd.org Subject: Re: jail sshd ipv6 error X-PHP-Originating-Script: 0:rcube.php MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Wed, 26 Apr 2017 09:11:27 -0600 From: James Gritton In-Reply-To: References: Message-ID: X-Sender: jamie@gritton.org User-Agent: Roundcube Webmail/1.2.3 X-Greylist: inspected by milter-greylist-4.6.2 (gritton.org [199.192.165.131]); Wed, 26 Apr 2017 09:11:27 -0600 (MDT) for IP:'199.192.165.131' DOMAIN:'gritton.org' HELO:'gritton.org' FROM:'jamie@gritton.org' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (gritton.org [199.192.165.131]); Wed, 26 Apr 2017 09:11:27 -0600 (MDT) X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Apr 2017 15:19:54 -0000 On 2017-04-26 00:32, Ørjan Tønder wrote: > Apr 26 08:12:04 irssi sshd[41415]: error: Bind to port 22 on > 2001:dead:beef:0:dacb:8aff:feea:9 failed: Can't assign requested > address. > Apr 26 08:12:04 irssi sshd[41415]: fatal: Cannot bind any address. > > this is solved by > > net.inet6.ip6.dad_count: 1 -> 0 > > what am i actually disabling here? > > And why are sshd inside jails not able too bind address dad_count is > enabled? There's some kind of clash between IPv6 neighbor discovery and jails, which is so far only worked around and not fixed. I'm not sure of the mechanics of it since I'm IPv6-less myself, but setting dad_count to zero makes sense as it would let an address be immediately configured without waiting for some kind of external confirmation. It seems this is really geared toward dynamic addresses, which jails seldom have (if they do, they're likely using vnet). In particular, what you're disabling is the sending out of a neighbor solicitation message that makes sure no one else is using the address you're setting. So if you know your configuration is correct there should be no worries. - Jamie From owner-freebsd-jail@freebsd.org Sat Apr 29 11:08:53 2017 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 20A55D55F4E for ; Sat, 29 Apr 2017 11:08:53 +0000 (UTC) (envelope-from olevole@olevole.ru) Received: from mail-lf0-x229.google.com (mail-lf0-x229.google.com [IPv6:2a00:1450:4010:c07::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C43FB207 for ; Sat, 29 Apr 2017 11:08:52 +0000 (UTC) (envelope-from olevole@olevole.ru) Received: by mail-lf0-x229.google.com with SMTP id t144so44762159lff.1 for ; Sat, 29 Apr 2017 04:08:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=olevole-ru.20150623.gappssmtp.com; s=20150623; h=from:to:subject:date:message-id:user-agent:mime-version :content-transfer-encoding; bh=52IqZQlj5GAnj4OYkLRZUTUPshgzfbfVjI5KETtb898=; b=A8O8cha4RcRWJemdxIuMxs3Vt7QamNmGcVMvG8XmnUjwcWrsZT4cU2xQCOg9OjqmVK 258UPdnmHvRYar7AuERuZcPxp1hvC38ZSXJKwMmTds3thbFfvnSlVPnADDGrNpCTrj1N wuTlD5/S455Y6wcV9uKyB/pjDj0MIeTDFolxVSKDp1l8JSeb4LuZK/Ct5FtVnyFJP/Dh gbHW1jSOhigOKExqun0Rc3/lbD4ApD6WyYgJV2lpRz0rnqGKzsXDNWzqfsDBp+QeVahn 7ZdW/cDkobAuR+/zc5aVet/HJ3K2NSt6rPjXKzScX5a6lP0kr+eOHStlPz3BLGBiHWCE Jfpg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:user-agent :mime-version:content-transfer-encoding; bh=52IqZQlj5GAnj4OYkLRZUTUPshgzfbfVjI5KETtb898=; b=eSPMM+zx/csCfYRjaN7rsxgxnnuBlFvvV1agJMb0aYrl+t5PRc6L8rAf6MjiERlLnh PVVf3FxpDPeCd1/r9nCNV1K+4kCZlQtrtYfiej3E4KgqhUYLjY4bfTZxC2Ad1VrRPfiY h/wF42J8geIDDCjOlW/1DCLP4OX/8vqgw7y1uZubJI6gootriql+E7Z33bQilwTye1OD U829jSpOL4slBGYrao2/EnZYi8I5SbH4SCLm8Fq01J8JHIYzXcWygod+MKtg+usqnhph gHx3ByND25rcI/ieNz/Ffnc8xsRY+jhp8HLVRNaW9yC7xECysVzyhVGyIjpAK8N/5ucv /i+A== X-Gm-Message-State: AN3rC/6LRuZLn/0w4zfIudn5fn+zfU8MDc2aDXW1efHV1HBlGlsh2i+6 RWH/y/10jEq3ow== X-Received: by 10.46.6.17 with SMTP id 17mr5418956ljg.125.1493464130042; Sat, 29 Apr 2017 04:08:50 -0700 (PDT) Received: from gizmo.my.domain (95-28-199-171.broadband.corbina.ru. [95.28.199.171]) by smtp.gmail.com with ESMTPSA id h9sm1547809ljb.46.2017.04.29.04.08.48 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 29 Apr 2017 04:08:48 -0700 (PDT) From: Oleg Ginzburg To: freebsd-jail@freebsd.org, freebsd-virtualization@freebsd.org Subject: [CFT] ClonOS distribution (beta) Date: Sat, 29 Apr 2017 14:08:47 +0300 Message-ID: <6471744.WOriHUl5lJ@gizmo.my.domain> User-Agent: KMail/4.14.10 (FreeBSD/12.0-CURRENT; KDE/4.14.30; amd64; ; ) MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 29 Apr 2017 11:08:53 -0000 Hello, Some time ago I announced a new project called the ClonOS[1]. At the moment the functinal for working with bhyve(8) and jail(8) stabilized, so I invite to testing this anyone who is interested in such project. Formally, this is the WEB interface for CBSD[2] (jail and bhyve management framework writtend in sh), but is formed into a separate distribution for those who do not want to be engaged in setting up the system, since the configuration is large[3] ;-) After ClonOS release I plan to make a sysutils/cbsdweb port for this stuff. For booting bhyve I'm using a third-party solution[4], so booting can differ from standard behavior. You can send any comments or ideas to my email or register as GitHub issue[5] or write this in Telegram channel[6] Cul8r! -- [1] https://www.freebsd.org/news/status/report-2016-07-2016-09.html#ClonOS:-New-FreeBSD-Based-Free/Open-Hosting-Platform [2] http://www.freshports.org/sysutils/cbsd/ , https://www.bsdstore.ru/en/about.html [3] https://clonos.tekroutine.com/installation_on_freebsd.html [4] iPXE, http://ipxe.org/ for bhyve PXE boot support [5] https://github.com/clonos/cp , https://github.com/cbsd/ [6] https://web.telegram.org/#/im?p=%40cbsdofficial