From owner-freebsd-ipfw@freebsd.org Sun Oct 28 15:32:17 2018
From: bugzilla-noreply@freebsd.org
To: ipfw@FreeBSD.org
Subject: [Bug 232764] [ipfw] share/examples/ipfw/change_rules.sh: Support firewall_type=workstation, don't backup or send e-mail if no differences found
Date: Sun, 28 Oct 2018 15:32:15 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=232764

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|bugs@FreeBSD.org            |ipfw@FreeBSD.org
           Keywords|                            |patch

From owner-freebsd-ipfw@freebsd.org Sun Oct 28 21:00:17 2018
From: bugzilla-noreply@FreeBSD.org
To: ipfw@FreeBSD.org
Subject: Problem reports for ipfw@FreeBSD.org that need special attention
Date: Sun, 28 Oct 2018 21:00:15 +0000

To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status      |    Bug Id | Description
------------+-----------+---------------------------------------------------
New         |    215875 | [ipfw] ipfw lookup tables do not support mbuf_tag

1 problems total for which you should take action.

From owner-freebsd-ipfw@freebsd.org Mon Oct 29 14:56:05 2018
From: "Dries Michiels"
Subject: Configuring IPv6 on jails
Date: Mon, 29 Oct 2018 15:56:02 +0100

Hello,

I'm converting everything in my network to dual stack. So far so good.
I came to a stop when I started to think about my jails.
Right now my jails have a private IPv4 address and get NAT-ed by IPFW to
reach the IPv4 internet.

My ISP gives me a /56 IPv6 prefix which I obtain by using DHCPv6 (net/dhcp6).
net/dhcp6 puts a /64 prefix from that /56 range on my LAN interface and from
there rtadvd takes over.

How can I assign a global address to my jails without too much scripting
(using net/dhcp6 or other solutions, see below)?

I was thinking about a few solutions:

* Either use VIMAGE for the jails. Attach jails to the same bridge, use
  net/dhcp6 to put a /64 prefix on the bridge and let rtadvd run on it.
  This way I can use rtsold in the jails to obtain an IPv6 address from the
  prefix assigned to the bridge.

* Use IPFW IPv6 prefix translation for the jail /64 prefix; translate
  between global routable /64 prefix and fd00::1/64 (as example). The latter
  can be statically configured in jail.conf.

  My problem here is that the IPFW rule needs the external prefix as an
  argument. My prefix is dynamic so this might be tricky and indicates
  scripting to me.

  Isn't there a way to let IPFW determine what interface to use (and thus IPv6
  prefix) for external translation? (for IPv4 NAT there is no need to specify
  the external IPv4 address)

* Script everything .. put some IPv6 addresses on my jail interface (lo1 at
  the moment) and script it so that jail.conf picks an IPv6 address from that
  interface.

Right now my biggest question is how I can make my jails access the internet
over IPv6 using a dynamic /64 prefix without scripting.

Can anyone give me some extra advice, help, or indicate another more elegant
solution in deploying my setup?

Thanks.

From owner-freebsd-ipfw@freebsd.org Mon Oct 29 17:36:31 2018
From: "Andrey V. Elsukov"
To: Dries Michiels, freebsd-ipfw@freebsd.org, freebsd-net@freebsd.org
Subject: Re: Configuring IPv6 on jails
Date: Mon, 29 Oct 2018 20:34:32 +0300

On 29.10.2018 17:56, Dries Michiels wrote:
> * Use IPFW IPv6 prefix translation for the jail /64 prefix; translate
> between global routable /64 prefix and fd00::1/64 (as example). The latter
> can be statically configured in jail.conf.
>
> My problem here is that the IPFW rule needs the external prefix as an
> argument. My prefix is dynamic so this might be tricky and indicates
> scripting to me.
>
> Isn't there a way to let IPFW determine what interface to use (and thus IPv6
> prefix) for external translation? (for IPv4 NAT there is no need to specify
> the external IPv4 address)

Hi,

I think I can add this feature to ipfw_nptv6 module, but I need some
spare time to implement it. If you are interested, I'll send the patch
to you later. What version do you use? I suspect the patch will use some
features, that are present only in head/ yet.

-- 
WBR, Andrey V. Elsukov

From owner-freebsd-ipfw@freebsd.org Mon Oct 29 17:46:51 2018
From: "Dries Michiels"
Subject: RE: Configuring IPv6 on jails
Date: Mon, 29 Oct 2018 18:46:49 +0100

> -----Original Message-----
> From: Andrey V. Elsukov
> Sent: Monday, 29 October 2018 18:35
> To: Dries Michiels; freebsd-ipfw@freebsd.org;
> freebsd-net@freebsd.org
> Subject: Re: Configuring IPv6 on jails
>
> On 29.10.2018 17:56, Dries Michiels wrote:
> > * Use IPFW IPv6 prefix translation for the jail /64 prefix; translate
> > between global routable /64 prefix and fd00::1/64 (as example). The
> > latter can be statically configured in jail.conf.
> >
> > My problem here is that the IPFW rule needs the external prefix as an
> > argument. My prefix is dynamic so this might be tricky and indicates
> > scripting to me.
> >
> > Isn't there a way to let IPFW determine what interface to use (and
> > thus IPv6
> > prefix) for external translation? (for IPv4 NAT there is no need to
> > specify the external IPv4 address)
>
> Hi,
>
> I think I can add this feature to ipfw_nptv6 module, but I need some spare
> time to implement it. If you are interested, I'll send the patch to you later.
> What version do you use? I suspect the patch will use some features, that are
> present only in head/ yet.

Would be nice! I’m on 12-STABLE.

> --
> WBR, Andrey V. Elsukov

From owner-freebsd-ipfw@freebsd.org Tue Oct 30 19:53:56 2018
From: "Andrey V. Elsukov"
To: Dries Michiels, freebsd-ipfw@freebsd.org, freebsd-net@freebsd.org
Subject: Re: Configuring IPv6 on jails
Date: Tue, 30 Oct 2018 22:51:59 +0300

On 29.10.2018 20:46, Dries Michiels wrote:
>>> Isn't there a way to let IPFW determine what interface to use (and
>>> thus IPv6
>>> prefix) for external translation? (for IPv4 NAT there is no need to
>>> specify the external IPv4 address)
>>
>> Hi,
>>
>> I think I can add this feature to ipfw_nptv6 module, but I need some spare
>> time to implement it. If you are interested, I'll send the patch to you later.
>> What version do you use? I suspect the patch will use some features, that are
>> present only in head/ yet.
>
> Would be nice! I’m on 12-STABLE.

Hi,

I published the patch:
https://reviews.freebsd.org/D17765

For stable/12 you need to apply patch from r339537:
https://reviews.freebsd.org/D17100

-- 
WBR, Andrey V. Elsukov
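
The scripted workaround raised in the first message (re-deriving the external /64 and rebuilding the NPTv6 instance when the dynamic prefix changes), as an added example that is not part of the thread or of the patch linked above. It assumes the `ipfw nptv6 <name> create int_prefix ... ext_prefix ... prefixlen ...` syntax from ipfw(8); the instance name NPT, interface em0, rule numbers 200/210 and the 2001:db8:: sample addresses are constructed, and the commands are printed as a plan rather than executed.

```shell
#!/bin/sh
# Added example: plan the ipfw commands needed after the external /64 changes.
# Assumed names (not from the thread): NPT, em0, rule numbers 200 and 210.
NPT_NAME=NPT
EXT_IF=em0
INT_PREFIX=fd00::        # static internal /64, as configured in jail.conf
RULE_OUT=200
RULE_IN=210

# Constructed sample of `ifconfig em0 inet6` output (documentation prefix).
# The deprecated line models the old prefix lingering after a renumbering.
SAMPLE_IFCONFIG='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet6 fe80::1%em0 prefixlen 64 scopeid 0x1
    inet6 2001:db8:12:a000::1 prefixlen 64 deprecated
    inet6 2001:db8:12:a100::1 prefixlen 64'

# Read ifconfig output on stdin and print the /64 prefix of the first usable
# global unicast (2000::/3) address, e.g. "2001:db8:12:a100::".
# Link-local, ULA and deprecated/tentative/detached/duplicated addresses are skipped.
global_prefix64() {
    awk '
    $1 == "inet6" {
        addr = tolower($2)
        sub(/%.*$/, "", addr)                        # strip scope id
        if (addr !~ /^[23][0-9a-f][0-9a-f][0-9a-f]:/) next
        usable = 1
        for (i = 3; i <= NF; i++)
            if ($i ~ /^(deprecated|tentative|detached|duplicated)$/) usable = 0
        if (!usable) next
        n  = split(addr, half, "::")                 # n == 2 when "::" is present
        nl = split(half[1], left, ":")
        nr = (n > 1 && half[2] != "") ? split(half[2], right, ":") : 0
        out = ""
        for (i = 1; i <= 4; i++) {                   # first four 16-bit groups
            if (i <= nl)          g = left[i]
            else if (i <= 8 - nr) g = "0"            # group hidden inside "::"
            else                  g = right[i - (8 - nr)]
            out = out g ":"
        }
        print out ":"
        exit
    }'
}

# $1 = prefix applied last time (empty on first run); stdin = ifconfig output.
# Prints nothing when the prefix is unchanged, otherwise the commands that
# replace the NPTv6 instance and its two rules. Returns 1 if no prefix is found.
nptv6_plan() {
    old=$1
    new=$(global_prefix64)
    if [ -z "$new" ]; then
        echo "no usable global IPv6 address on input" >&2
        return 1
    fi
    if [ "$new" = "$old" ]; then
        return 0
    fi
    if [ -n "$old" ]; then
        # Rules referencing the instance go first, then the instance itself.
        echo "ipfw -q delete $RULE_OUT $RULE_IN"
        echo "ipfw nptv6 $NPT_NAME destroy"
    fi
    echo "ipfw nptv6 $NPT_NAME create int_prefix $INT_PREFIX ext_prefix $new prefixlen 64"
    echo "ipfw add $RULE_OUT nptv6 $NPT_NAME ip6 from $INT_PREFIX/64 to any out via $EXT_IF"
    echo "ipfw add $RULE_IN nptv6 $NPT_NAME ip6 from any to $new/64 in via $EXT_IF"
}

# Demo on the constructed sample: first run, no previously applied prefix.
printf '%s\n' "$SAMPLE_IFCONFIG" | nptv6_plan ""
```

On a live host, feed it `ifconfig em0 inet6` together with the previously applied prefix, and review the printed commands before running them.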