Date: Mon, 29 Oct 2018 15:56:02 +0100 From: "Dries Michiels" <driesm.michiels@gmail.com> To: <freebsd-ipfw@freebsd.org>, <freebsd-net@freebsd.org> Subject: Configuring IPv6 on jails Message-ID: <005c01d46f97$8389d4a0$8a9d7de0$@gmail.com>
next in thread | raw e-mail | index | archive | help
Hello, I'm converting everything in my network to dual stack. So far so good. I came to a stop when I started to think about my jails. Right now my jails have a private IPv4 address and get NAT-ed by IPFW to reach to IPv4 internet. My ISP gives me a /56 IPv6 prefix which I obtain by using DHCPv6 (net/dhcp6). net/dhcp6 puts a /64 prefix from that /56 range on my LAN interface and from there rtadvd takes over. How can I assign a global address to my jails without too much scripting (using net/dhcp6 or other solutions, see below)? I was thinking about a few solutions; * Either use VIMAGE for the jails. Attach jails to the same bridge, use net/dhcp6 to put a /64 prefix on the bridge and let rtadvd run on it. This way I can use rtsold in the jails to obtain an IPv6 address from the prefix assigned to the bridge. * Use IPFW IPv6 prefix translation for the jail /64 prefix; translate between global routable /64 prefix and fd00::1/64 (as example). The latter can be statically configured in jail.conf. My problem here is that the IPFW rule needs the external prefix as an argument. My prefix is dynamic so this might be tricky and indicates scripting to me. Isn't there a way to let IPFW determine what interface to use (and thus IPv6 prefix) for external translation? (for IPv4 NAT there is no need to specify the external IPv4 address) * Script everything .. put some IPv6 addresses on my jail interface (lo1 at the moment) and script it so that jail.conf picks an IPv6 address from that interface. Right now my biggest question is how I can make my jails access the internet over IPv6 using a dynamic /64 prefix without scripting. Can anyone give me some extra advice, help, or indicate another more elegant solution in deploying my setup? Thanks.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?005c01d46f97$8389d4a0$8a9d7de0$>