Date:      Thu, 3 Sep 2009 13:13:58 +0800
From:      Mars G Miro <spry@anarchy.in.the.ph>
To:        Mark Andrews <marka@isc.org>, FLEURIOT Damien <ml-SPAM@my.gd>,  "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>, freebsd-jail@freebsd.org, freebsd-stable@freebsd.org
Subject:   Re: Not getting an IPv6 in a jail
Message-ID:  <f12f408a0909022213p43ae39cevcf3e7d5a077cef0f@mail.gmail.com>
In-Reply-To: <200909022304.n82N4PHe079957@drugs.dv.isc.org>
References:  <ff6efe7e0909011230i414b6791k707f5c58383e9b53@mail.gmail.com> <20090901200313.J68375@maildrop.int.zabbadoz.net> <20090902160440.GA28417@sd-13813.dedibox.fr> <200909022304.n82N4PHe079957@drugs.dv.isc.org>

On Thu, Sep 3, 2009 at 7:04 AM, Mark Andrews<marka@isc.org> wrote:
>
> In message <20090902160440.GA28417@sd-13813.dedibox.fr>, FLEURIOT Damien writes:
>> On Tue, Sep 01, 2009 at 08:15:24PM +0000 or thereabouts, Bjoern A. Zeeb wrote:
>> > On Tue, 1 Sep 2009, Major Domo wrote:
>> >
>> > Hi,
>> >
>> > >Apologies if this has been discussed already but I searched the web
>> > >and the mailing lists and haven't found hints on my problem.
>> > >
>> > >I've got a jail, I assign it a set of IP addresses, and it just won't
>> > >take the IP6 I give it.
>> > >
>> > >
>> > >Uname:
>> > >FreeBSD 7.2-STABLE
>> > >
>> > >jail_ns_ip="192.168.0.252,fe80::c0a8:fc"
>> > >
>> > >jls -v:
>> > >  JID  Hostname                      Path
>> > >       Name                          State
>> > >       CPUSetID
>> > >       IP Address(es)
>> > >   23  [snip]                      /var/jail/ns
>> > >                                     ALIVE
>> > >       2
>> > >       192.168.0.252
>> > >       fe80::c0a8:fc
>> > >
>> > >
>> > >ifconfig lo252 from the host:
>> > >lo252: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>> > >       inet 192.168.0.252 netmask 0xffffffff
>> > >       inet6 fe80::c0a8:fc%lo252 prefixlen 128 scopeid 0x5
>> > >
>> > >
>> > >ifconfig from the jail:
>> > >re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>> > >       options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
>> > >       ether 00:e0:f4:19:e9:d2
>> > >       media: Ethernet autoselect (100baseTX <full-duplex>)
>> > >       status: active
>> > >lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>> > >pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33204
>> > >lo252: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>> > >       inet 192.168.0.252 netmask 0xffffffff
>> >
>> >
>> > This is a rather special case. For link-local addresses you have to
>> > give the scope as well but it won't take the scope with the %lo252
>> > notation but only in the KAME in-kernel syntax I would assume.
>> > Can you try:
>> >
>> > jail_ns_ip="192.168.0.252,fe80:5::c0a8:fc"
>> >
>> > Note the added 5 in the second group of hex digits. That five is the
>> > interface index. I took it from the "scopeid 0x5". In case your
>> > interface index changes you will need to adjust the address.
>> >
>> > I cannot say if it'll work but it would be worth a try.
>> >
>> > /bz
>> >
>> > --
>> > Bjoern A. Zeeb           What was I talking about and who are you again?
>>
>>
>> Hi list, Bjoern, John,
>>
>>
>> I confirm it is now working with the following line in /etc/rc.conf:
>> jail_ns_ip="192.168.0.252,fec0:5::df:252"
>>
>> along with redirections in /etc/pf.conf:
>> rdr pass log on $ext_if inet proto {tcp,udp} to $ext_if port 53 -> $lo252_if port 53
>> rdr pass log on $ext_if inet6 proto {tcp,udp} to $ext_if port 53 -> $lo252_if port 53
>>
>>
>> Notice the use of both the interface's index and a site-local ip6
>> address instead of the old fe80 as suggested.
>>
>> BIND's now happily running in its jail and responding to public
>> queries.
>>
>>
>> Perhaps a small addition to the jails entry in the Handbook to
>> advise people about the use of IP6 addresses on loopback interfaces
>> would be warranted ?
>>
>> I realize how lousy it is to NAT IP6 but my host assigns only 1
>> IP6 address per server.
>
> Then complain. There is no reason to be miserly with IPv6 addresses.
>

True that. Or just sign up @HE. They can give you up to 4 tunnels w/ a
/64 and a /48 (if you opt) for each of these 4 tunnels!

All you hafta do is give them your contact info and a public IPv4 and
it doesn't hafta be static --- there are tools to update their
records..


>> Thanks for the help !
>>
>> Regards
>>
>> --
>> Damien
>> _______________________________________________
>> freebsd-stable@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
>> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
> _______________________________________________
> freebsd-jail@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"
>



--
cheers
mars
-----
Marie von Ebner-Eschenbach  - "Even a stopped clock is right twice a
day." - http://www.brainyquote.com/quotes/authors/m/marie_von_ebnereschenbac.html
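
The conversion Bjoern describes in the quoted reply (taking the `scopeid` that `ifconfig` reports and placing it in the second group of hex digits of the link-local address), as an added example that is not part of the original e-mails. The function names are hypothetical and the sample `ifconfig` text is constructed from the output quoted in the thread.

```python
import ipaddress
import re

LINK_LOCAL = ipaddress.ip_network("fe80::/10")

# Constructed sample, modelled on the host-side ifconfig output quoted above.
SAMPLE_IFCONFIG = (
    "lo252: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384\n"
    "\tinet 192.168.0.252 netmask 0xffffffff\n"
    "\tinet6 fe80::c0a8:fc%lo252 prefixlen 128 scopeid 0x5\n"
)

# Matches scoped inet6 lines: address, %interface, and the reported scope id.
INET6_RE = re.compile(
    r"inet6\s+(?P<addr>[0-9a-fA-F:]+)%(?P<ifname>\S+)\s+prefixlen\s+\d+"
    r"\s+scopeid\s+(?P<scope>0x[0-9a-fA-F]+)"
)


def embed_scope(addr, scope_id):
    """Return addr with scope_id written into its second 16-bit group."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in LINK_LOCAL:
        raise ValueError(f"{addr} is not link-local (fe80::/10)")
    if not 0 < scope_id <= 0xFFFF:
        raise ValueError("scope id must fit in one 16-bit group")
    raw = int(ip)
    # Bits 96..111 are the second group; refuse to overwrite a value there.
    if (raw >> 96) & 0xFFFF:
        raise ValueError(f"{addr} already has a non-zero second group")
    return str(ipaddress.IPv6Address(raw | (scope_id << 96)))


def jail_ipv6_from_ifconfig(text):
    """Embedded-scope form of every scoped link-local inet6 line in text."""
    return [
        embed_scope(m.group("addr"), int(m.group("scope"), 16))
        for m in INET6_RE.finditer(text)
    ]


if __name__ == "__main__":
    for a in jail_ipv6_from_ifconfig(SAMPLE_IFCONFIG):
        print(f'jail_ns_ip="192.168.0.252,{a}"')
```

As the reply notes, the embedded value is the interface index, so the result has to be regenerated if that index changes.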


