From: Mark Andrews
To: FLEURIOT Damien
Cc: "Bjoern A. Zeeb", freebsd-jail@freebsd.org, freebsd-stable@freebsd.org
Date: Thu, 03 Sep 2009 09:04:25 +1000
Subject: Re: Not getting an IPv6 in a jail

In message <20090902160440.GA28417@sd-13813.dedibox.fr>, FLEURIOT Damien writes:
> On Tue, Sep 01, 2009 at 08:15:24PM +0000 or thereabouts, Bjoern A. Zeeb wrote:
> > On Tue, 1 Sep 2009, Major Domo wrote:
> >
> > Hi,
> >
> > >Apologies if this has been discussed already but I searched the web
> > >and the mailing lists and haven't found hints on my problem.
> > >
> > >I've got a jail, I assign it a set of IP addresses, and it just won't
> > >take the IP6 I give it.
> > >
> > >
> > >Uname:
> > >FreeBSD 7.2-STABLE
> > >
> > >jail_ns_ip="192.168.0.252,fe80::c0a8:fc"
> > >
> > >jls -v:
> > >   JID  Hostname                      Path
> > >        Name                          State
> > >        CPUSetID
> > >        IP Address(es)
> > >    23  [snip]                        /var/jail/ns
> > >                                      ALIVE
> > >        2
> > >        192.168.0.252
> > >        fe80::c0a8:fc
> > >
> > >
> > >ifconfig lo252 from the host:
> > >lo252: flags=8049 metric 0 mtu 16384
> > >        inet 192.168.0.252 netmask 0xffffffff
> > >        inet6 fe80::c0a8:fc%lo252 prefixlen 128 scopeid 0x5
> > >
> > >
> > >ifconfig from the jail:
> > >re0: flags=8843 metric 0 mtu 1500
> > >        options=389b UCAST,WOL_MCAST,WOL_MAGIC>
> > >        ether 00:e0:f4:19:e9:d2
> > >        media: Ethernet autoselect (100baseTX )
> > >        status: active
> > >lo0: flags=8049 metric 0 mtu 16384
> > >pflog0: flags=141 metric 0 mtu 33204
> > >lo252: flags=8049 metric 0 mtu 16384
> > >        inet 192.168.0.252 netmask 0xffffffff
> >
> >
> > This is a rather special case. For link-local addresses you have to
> > give the scope as well but it won't take the scope with the %lo252
> > notation but only in the KAME in-kernel syntax I would assume.
> > Can you try:
> >
> > jail_ns_ip="192.168.0.252,fe80:5::c0a8:fc"
> >
> > Note the added 5 in the second group of hex digits. That five is the
> > interface index. I took it from the "scopeid 0x5". In case your
> > interface index changes you will need to adjust the address.
> >
> > I cannot say if it'll work but it would be worth a try.
> >
> > /bz
> >
> > --
> > Bjoern A. Zeeb      What was I talking about and who are you again?
>
>
> Hi list, Bjoern, John,
>
>
> I confirm it is now working with the following line in /etc/rc.conf:
> jail_ns_ip="192.168.0.252,fec0:5::df:252"
>
> along with redirections in /etc/pf.conf:
> rdr pass log on $ext_if inet proto {tcp,udp} to $ext_if port 53 -> $lo252_if port 53
> rdr pass log on $ext_if inet6 proto {tcp,udp} to $ext_if port 53 -> $lo252_if port 53
>
>
> Notice the use of both the interface's index and a site-local ip6
> address instead of the old fe80 as suggested.
>
> BIND's now happily running in its jail and responding to public
> queries.
>
>
> Perhaps a small addition to the jails entry in the Handbook to
> advise people about the use of IP6 addresses on loopback interfaces
> would be warranted ?
>
> I realize how lousy it is to NAT IP6 but my host assigns only 1
> IP6 address per server.

Then complain. There is no reason to be miserly with IPv6 addresses.

> Thanks for the help !
>
> Regards
>
> --
> Damien

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
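
Added example, not part of the original thread: the rewrite Bjoern describes in the quoted text, taking the interface index from ifconfig's "scopeid" field and writing it into the second group of a link-local address. The function names are hypothetical, the index is passed in or parsed from text rather than looked up on a live host, and the sample line is the one quoted in the thread.

```python
import ipaddress
import re

LINK_LOCAL = ipaddress.ip_network("fe80::/10")

# Matches the inet6 line ifconfig prints for a scoped address, as quoted above.
IFCONFIG_INET6 = re.compile(
    r"inet6\s+(\S+?)%\S+\s+prefixlen\s+\d+\s+scopeid\s+(0x[0-9a-fA-F]+)")


def embed_scope(addr, ifindex):
    """Write ifindex into the second 16-bit group of a link-local address."""
    ip = ipaddress.IPv6Address(addr.split("%", 1)[0])  # drop any %zone suffix
    if ip not in LINK_LOCAL:
        raise ValueError(f"{ip} is not link-local; no scope to embed")
    if not 0 < ifindex <= 0xFFFF:
        raise ValueError(f"interface index {ifindex} does not fit in 16 bits")
    raw = bytearray(ip.packed)
    if raw[2] or raw[3]:
        raise ValueError(f"{ip} already has a value in its second group")
    raw[2:4] = ifindex.to_bytes(2, "big")
    return str(ipaddress.IPv6Address(bytes(raw)))


def split_scope(embedded):
    """Inverse of embed_scope: return (plain address, interface index)."""
    ip = ipaddress.IPv6Address(embedded)
    if ip not in LINK_LOCAL:
        raise ValueError(f"{ip} is not link-local")
    raw = bytearray(ip.packed)
    ifindex = int.from_bytes(raw[2:4], "big")
    raw[2:4] = b"\x00\x00"
    return str(ipaddress.IPv6Address(bytes(raw))), ifindex


def from_ifconfig(line):
    """Build the embedded form straight from an ifconfig inet6 line."""
    m = IFCONFIG_INET6.search(line)
    if not m:
        raise ValueError("no scoped inet6 address on this line")
    return embed_scope(m.group(1), int(m.group(2), 16))


if __name__ == "__main__":
    sample = "inet6 fe80::c0a8:fc%lo252 prefixlen 128 scopeid 0x5"
    print(from_ifconfig(sample))
    print(split_scope("fe80:5::c0a8:fc"))
```

Because the interface index can change, as the quoted reply notes, regenerating the value from current ifconfig output and comparing it with what is in rc.conf is a quick way to spot a stale setting.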