jail sshd ipv6 error
James Gritton
jamie at gritton.org
Wed Apr 26 15:19:54 UTC 2017
On 2017-04-26 00:32, Ørjan Tønder wrote:
> Apr 26 08:12:04 irssi sshd[41415]: error: Bind to port 22 on
> 2001:dead:beef:0:dacb:8aff:feea:9 failed: Can't assign requested
> address.
> Apr 26 08:12:04 irssi sshd[41415]: fatal: Cannot bind any address.
>
> this is solved by
>
> net.inet6.ip6.dad_count: 1 -> 0
>
> what am i actually disabling here?
>
> And why are sshd inside jails not able too bind address dad_count is
> enabled?
There's some kind of clash between IPv6 neighbor discovery and jails,
which is so far only worked around and not fixed. I'm not sure of the
mechanics of it since I'm IPv6-less myself, but setting dad_count to
zero makes sense as it would let an address be immediately configured
without waiting for some kind of external confirmation. It seems this
is really geared toward dynamic addresses, which jails seldom have (if
they do, they're likely using vnet).
In particular, what you're disabling is the sending out of a neighbor
solicitation message that makes sure no one else is using the address
you're setting. So if you know your configuration is correct there
should be no worries.
- Jamie
More information about the freebsd-jail
mailing list