From nobody Mon Oct 02 10:30:49 2023
X-Original-To: freebsd-net@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Rzcg004Q3z4vv7w
	for <freebsd-net@mlmmj.nyi.freebsd.org>; Mon,  2 Oct 2023 10:30:52 +0000 (UTC)
	(envelope-from felix.reichenberger@tuta.io)
Received: from w4.tutanota.de (w4.tutanota.de [81.3.6.165])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "mail.tutanota.de", Issuer "Sectigo RSA Domain Validation Secure Server CA" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Rzcfz1tFXz4cGk
	for <freebsd-net@freebsd.org>; Mon,  2 Oct 2023 10:30:50 +0000 (UTC)
	(envelope-from felix.reichenberger@tuta.io)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=tuta.io header.s=s1 header.b=LrQCbp4Z;
	spf=pass (mx1.freebsd.org: domain of felix.reichenberger@tuta.io designates 81.3.6.165 as permitted sender) smtp.mailfrom=felix.reichenberger@tuta.io;
	dmarc=pass (policy=quarantine) header.from=tuta.io
Received: from tutadb.w10.tutanota.de (unknown [192.168.1.10])
	by w4.tutanota.de (Postfix) with ESMTP id 80B0F1060157;
	Mon,  2 Oct 2023 10:30:49 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1696242649;
	s=s1; d=tuta.io;
	h=From:From:To:To:Subject:Subject:Content-Description:Content-ID:Content-Type:Content-Type:Content-Transfer-Encoding:Content-Transfer-Encoding:Cc:Cc:Date:Date:In-Reply-To:In-Reply-To:MIME-Version:MIME-Version:Message-ID:Message-ID:Reply-To:References:References:Sender;
	bh=S0QbC0M79rszNe/7nJB6WFPp4HF8tdsNF8geMR9h8Ck=;
	b=LrQCbp4ZII+jczbnjybykU2im1Ja6DsaFk7YHaBafgNhi/uBY72Q2rZPNdqfPQvS
	E6Dib1+lN2z3TsfGOvWr3NYOMrj4wmFznlX8QsaofcNdX3op9/mw/LKX5GtfWaeBjA2
	vDZD35gP7giLX8ZjrhNEjQYn66ee/92OeWbLNSAMQcW/WnFmBbdv8/OZEqz9BxjEOrQ
	fPFS0OIW0pnASWX36ejrNNg6xpwEkXoylDloSB/T/FWOtliBMQred37tWRWvfMYIleA
	KgFF4Ccq26u2kjuIUgC+3OgW6G1bJzfbyz8b0fMMLUjuTRv4xtxCvkCbNuiNmmLwtOR
	yt9GPL1PZA==
Date: Mon, 2 Oct 2023 12:30:49 +0200 (CEST)
From: felix.reichenberger@tuta.io
To: Benoit Chesneau <benoitc@enki-multimedia.eu>
Cc: "freebsd-net@FreeBSD.org" <freebsd-net@freebsd.org>
Message-ID: <Nfjw-wM--3-9@tuta.io>
In-Reply-To: <t1d4CimLo2K345CiV8mGDaQrW5KW1Kz335yZOtRdu-XGYjY7m2zHVkxBOSxxLXavsgCVxWSVVO1JXNQ9F294ywF7MWuGh0L6HrYbKKvB2rA=@enki-multimedia.eu-Nfjo6s_----9>
References: <t1d4CimLo2K345CiV8mGDaQrW5KW1Kz335yZOtRdu-XGYjY7m2zHVkxBOSxxLXavsgCVxWSVVO1JXNQ9F294ywF7MWuGh0L6HrYbKKvB2rA=@enki-multimedia.eu> <t1d4CimLo2K345CiV8mGDaQrW5KW1Kz335yZOtRdu-XGYjY7m2zHVkxBOSxxLXavsgCVxWSVVO1JXNQ9F294ywF7MWuGh0L6HrYbKKvB2rA=@enki-multimedia.eu-Nfjo6s_----9>
Subject: Re: ipv6 only host and no IPV4 in jail?
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-net
List-Help: <mailto:freebsd-net+help@freebsd.org>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Subscribe: <mailto:freebsd-net+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-net+unsubscribe@freebsd.org>
Sender: owner-freebsd-net@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Spamd-Bar: --
X-Spamd-Result: default: False [-2.89 / 15.00];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	SUBJECT_ENDS_QUESTION(1.00)[];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-0.99)[-0.991];
	DMARC_POLICY_ALLOW(-0.50)[tuta.io,quarantine];
	R_DKIM_ALLOW(-0.20)[tuta.io:s=s1];
	R_SPF_ALLOW(-0.20)[+ip4:81.3.6.160/28];
	MIME_GOOD(-0.10)[text/plain];
	ONCE_RECEIVED(0.10)[];
	RCVD_COUNT_ONE(0.00)[1];
	MLMMJ_DEST(0.00)[freebsd-net@freebsd.org];
	FROM_EQ_ENVFROM(0.00)[];
	MIME_TRACE(0.00)[0:+];
	RCVD_TLS_LAST(0.00)[];
	ASN(0.00)[asn:24679, ipnet:81.3.0.0/18, country:DE];
	RCPT_COUNT_TWO(0.00)[2];
	FROM_NO_DN(0.00)[];
	TO_DN_SOME(0.00)[];
	ARC_NA(0.00)[];
	RCVD_IN_DNSWL_NONE(0.00)[81.3.6.165:from];
	BLOCKLISTDE_FAIL(0.00)[81.3.6.165:server fail];
	DKIM_TRACE(0.00)[tuta.io:+];
	TO_MATCH_ENVRCPT_SOME(0.00)[];
	MID_RHS_MATCH_FROM(0.00)[];
	TO_DN_EQ_ADDR_SOME(0.00)[]
X-Rspamd-Queue-Id: 4Rzcfz1tFXz4cGk

Hi,

since your VNET jail has its own network stack, it shouldn't matter that yo=
ur host is IPv6-only.
I myself run dual-stack Bastille jails on IPv6-only hosts without any probl=
ems.

What kind of errors do you get when trying to access the internet via IPv4 =
from your jail, and does it work with IPv6?

Regards


2. Okt. 2023, 11:55 von benoitc@enki-multimedia.eu:

> Hi all,=C2=A0
>
> I have a weird issue there,
>
> I have an ipv6 only host aon which I am starting a jail.Jalil have a vnet=
 interface =C2=A0through a bridge created on the host:
>
> For some reason the jail can't get access and is not accessible to intern=
et when I setup an IPV4 on it (and right gateway). Is this something expect=
ed? SHould the Host be also IPV4 aware?
>
> Host config:
>
> Host:
> ```
> vlan200bridge: flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metri=
c 0 mtu 9000
> ether 58:9c:fc:10:fc:41
> id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
> maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
> root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
> member: e0a_bastille4 flags=3D143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> =C2=A0 =C2=A0 =C2=A0 =C2=A0ifmaxaddr 0 port 8 priority 128 path cost 2000
> member: tap0 flags=3D143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> =C2=A0 =C2=A0 =C2=A0 =C2=A0ifmaxaddr 0 port 9 priority 128 path cost 2000=
000
> member: tap1 flags=3D143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> =C2=A0 =C2=A0 =C2=A0 =C2=A0ifmaxaddr 0 port 10 priority 128 path cost 200=
0000
> member: vlan200 flags=3D143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> =C2=A0 =C2=A0 =C2=A0 =C2=A0ifmaxaddr 0 port 6 priority 128 path cost 800
> groups: bridge
>
> e0a_bastille4: flags=3D8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAS=
T> metric 0 mtu 9000
> description: vnet host interface for Bastille jail fpcouchdb
> options=3D8<VLAN_MTU>
> ether 02:20:9c:4c:84:f0
> hwaddr 02:c4:b5:3a:91:0a
> groups: epair
> media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
> status: active
> nd6 options=3D29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
> ```
>
> Guest
>
> ```
> # ifconfig vnet0
> vnet0: flags=3D8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu =
1500
> options=3D8<VLAN_MTU>
> ether 0e:20:9c:4c:84:f0
> hwaddr 02:c4:b5:3a:91:0b
> inet6 XXXX:XXXX:XXXX:200::30 prefixlen 64
> inet6 fe80::c20:9cff:fe4c:84f0%vnet0 prefixlen 64 scopeid 0x2
> inet 10.200.1.8 netmask 0xffffff00 broadcast 10.200.1.255
> groups: epair
> media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
> status: active
> nd6 options=3D21<PERFORMNUD,AUTO_LINKLOCAL>
> # netstat -rn4
> Routing tables
>
> Internet:
> Destination =C2=A0 =C2=A0 =C2=A0 =C2=A0Gateway =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0Flags =C2=A0 =C2=A0 Netif Expire
> default =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A010.200.1.1 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 UGS =C2=A0 =C2=A0 =C2=A0 vnet0
> 10.200.1.0/24 =C2=A0 =C2=A0 =C2=A0link#2 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 U =C2=A0 =C2=A0 =C2=A0 =C2=A0 vnet0
> 10.200.1.8 =C2=A0 =C2=A0 =C2=A0 =C2=A0 link#2 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 UHS =C2=A0 =C2=A0 =C2=A0 =C2=A0 lo0
> 127.0.0.1 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0link#1 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 UH =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0lo0
> ```
>
> Beno=C3=AEt Chesneau, Enki Multimedia
> =E2=80=94
> t. +33608655490=C2=A0
>
> Sent with > Proton Mail <https://proton.me/>>  secure email.
>