Date:      Wed, 2 Sep 2009 18:04:42 +0200
From:      FLEURIOT Damien <ml-SPAM@my.gd>
To:        "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Cc:        freebsd-jail@FreeBSD.org, freebsd-stable@freebsd.org
Subject:   Re: Not getting an IPv6 in a jail
Message-ID:  <20090902160440.GA28417@sd-13813.dedibox.fr>
In-Reply-To: <20090901200313.J68375@maildrop.int.zabbadoz.net>
References:  <ff6efe7e0909011230i414b6791k707f5c58383e9b53@mail.gmail.com> <20090901200313.J68375@maildrop.int.zabbadoz.net>

On Tue, Sep 01, 2009 at 08:15:24PM +0000 or thereabouts, Bjoern A. Zeeb wrote:
> On Tue, 1 Sep 2009, Major Domo wrote:
> 
> Hi,
> 
> >Apologies if this has been discussed already but I searched the web
> >and the mailing lists and haven't found hints on my problem.
> >
> >I've got a jail, I assign it a set of IP addresses, and it just won't
> >take the IP6 I give it.
> >
> >
> >Uname:
> >FreeBSD 7.2-STABLE
> >
> >jail_ns_ip="192.168.0.252,fe80::c0a8:fc"
> >
> >jls -v:
> >  JID  Hostname                      Path
> >       Name                          State
> >       CPUSetID
> >       IP Address(es)
> >   23  [snip]                      /var/jail/ns
> >                                     ALIVE
> >       2
> >       192.168.0.252
> >       fe80::c0a8:fc
> >
> >
> >ifconfig lo252 from the host:
> >lo252: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> >       inet 192.168.0.252 netmask 0xffffffff
> >       inet6 fe80::c0a8:fc%lo252 prefixlen 128 scopeid 0x5
> >
> >
> >ifconfig from the jail:
> >re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> >       options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
> >       ether 00:e0:f4:19:e9:d2
> >       media: Ethernet autoselect (100baseTX <full-duplex>)
> >       status: active
> >lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> >pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33204
> >lo252: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> >       inet 192.168.0.252 netmask 0xffffffff
> 
> 
> This is a rather special case.  For link-local addresses you have to
> give the scope as well but it won't take the scope with the %lo252
> notation but only in the KAME in-kernel syntax I would assume.
> Can you try:
> 
> jail_ns_ip="192.168.0.252,fe80:5::c0a8:fc"
> 
> Note the added 5 in the second group of hex digits.  That five is the
> interface index.  I took it from the "scopeid 0x5". In case your
> interface index changes you will need to adjust the address.
> 
> I cannot say if it'll work but it would be worth a try.
> 
> /bz
> 
> -- 
> Bjoern A. Zeeb           What was I talking about and who are you again?


Hi list, Bjoern, John,


I confirm it is now working with the following line in /etc/rc.conf:
jail_ns_ip="192.168.0.252,fec0:5::df:252"

along with redirections in /etc/pf.conf:
rdr pass log on $ext_if inet proto {tcp,udp} to $ext_if port 53 -> $lo252_if port 53
rdr pass log on $ext_if inet6 proto {tcp,udp} to $ext_if port 53 -> $lo252_if port 53


Notice the use of both the interface's index and a site-local ip6
address instead of the old fe80 as suggested.

BIND's now happily running in its jail and responding to public
queries.


Perhaps a small addition to the jails entry in the Handbook to
advise people about the use of IP6 addresses on loopback interfaces
would be warranted?

I realize how lousy it is to NAT IP6 but my host assigns only 1
IP6 address per server.


Thanks for the help!

Regards

--
Damien
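
The scope embedding described in the quoted reply (the interface index from "scopeid 0x5" placed in the second group of hex digits), as an added example that is not part of the original thread: it derives the embedded form from ifconfig output and reports when a configured address no longer matches the current interface index. The function names and the sample text are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the lo252 lines quoted in the thread.
SAMPLE_IFCONFIG = """\
lo252: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
       inet 192.168.0.252 netmask 0xffffffff
       inet6 fe80::c0a8:fc%lo252 prefixlen 128 scopeid 0x5
"""

LINK_LOCAL = ipaddress.ip_network("fe80::/10")
# Matches: inet6 <addr>%<ifname> ... scopeid 0x<hex> (all on one line)
INET6_RE = re.compile(
    r"inet6\s+([0-9a-fA-F:]+)%(\S+)\s.*?scopeid\s+(0x[0-9a-fA-F]+)")

def embed_scope(addr: str, scope_id: int) -> str:
    """Return addr with scope_id placed in the second 16-bit group."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in LINK_LOCAL:
        raise ValueError(f"{addr} is not link-local")
    if not 0 < scope_id <= 0xFFFF:
        raise ValueError("scope id must fit in 16 bits")
    if (int(ip) >> 96) & 0xFFFF:
        raise ValueError(f"{addr} already has a non-zero second group")
    # The second group occupies bits 96..111 of the 128-bit address.
    return str(ipaddress.IPv6Address(int(ip) | (scope_id << 96)))

def jail_addresses(ifconfig_text: str) -> dict:
    """Map interface name -> embedded-scope form of each scoped inet6 line."""
    out = {}
    for m in INET6_RE.finditer(ifconfig_text):
        addr, ifname, scope = m.group(1), m.group(2), int(m.group(3), 16)
        out.setdefault(ifname, []).append(embed_scope(addr, scope))
    return out

def index_drifted(configured: str, ifconfig_text: str) -> bool:
    """True when a configured embedded address no longer matches ifconfig."""
    current = {a for addrs in jail_addresses(ifconfig_text).values()
               for a in addrs}
    return str(ipaddress.IPv6Address(configured)) not in current

if __name__ == "__main__":
    print(jail_addresses(SAMPLE_IFCONFIG))
```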


