Need help with VNET, Jail and IPv6
Jacques Foucry
jacques+freebsd at foucry.net
Tue Jan 5 11:05:06 UTC 2021
Hello all,
On my hosted machine I already have many "classical" jails.
But I would like to switch to the modern scheme with Bridge and vnet.
With IPv4 I have no problem. In fact it is almost like without Bridge/VNET:
ifconfig em0bridge
em0bridge: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:36:b3:c1:8a:00
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 20000
        groups: bridge
        nd6 options=9<PERFORMNUD,IFDISABLED>
myjail {
        host.hostname="mywebite.fr";
        path="/jails/mywebsite";
        allow.mount=true;
        allow.raw_sockets;
        vnet;
        vnet.interface = "e0b_${name}";
        exec.prestart += "jib addm ${name} em0";
        exec.poststop += "jib destroy ${name}";
        exec.start = "/sbin/ifconfig e0b_${name} 10.1.1.28/24";
        exec.start += "/sbin/route add default 10.1.1.254";
        exec.poststart += "/sbin/ifconfig e0a_${name} 10.1.1.254/24";
        exec.poststop += "/sbin/ifconfig e0b_${name} -vnet ${name}";
        exec.poststop += "/sbin/ifconfig deletem e0b_${name}";
        exec.poststop += "sleep 2";
        exec.poststop += "/sbin/ifconfig e0b_${name} destroy";
        persist=true;
        mount.fstab="/etc/fstab.${name}";
}
With pf I could connect through ssh to my jail:
jails_net = "{192.168.12.0/24 10.1.1.0/24}"
nat on $ext_if from $jails_net to any -> ($ext_if)
myjail_v4="10.1.1.28"
myjail_v6="2a01:4f9:4a:1fd8::28"
myjail_ports = 2228
rdr on $ext_if inet proto tcp from any to $ext_if port $myjail_ports -> $myjail_v4
rdr on $ext_if inet6 proto tcp from any to $ext_if port $myjail_ports -> $myjail_v6
pass in log quick on $ext_if proto tcp from any to $myjail_v4 port
pass in log quick on $ext_if proto tcp from any to $myjail_v6 port
The old-fashioned jails use em0_alias for IPv6:
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=81009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER>
        ether b4:2e:99:6a:80:9d
        inet6 2a01:4f9:4a:1fd8::2 prefixlen 64
        inet6 fe80::b62e:99ff:fe6a:809d%em0 prefixlen 64 scopeid 0x1
        inet6 2a01:4f9:4a:1fd8::5 prefixlen 64
        inet6 2a01:4f9:4a:1fd8::16 prefixlen 64
        inet6 2a01:4f9:4a:1fd8::14 prefixlen 64
        inet6 2a01:4f9:4a:1fd8::15 prefixlen 64
        inet6 2a01:4f9:4a:1fd8::21 prefixlen 64
        inet6 2a01:4f9:4a:1fd8::25 prefixlen 64
        inet6 2a01:4f9:4a:1fd8::29 prefixlen 64
        inet6 2a01:4f9:4a:1fd8::17 prefixlen 64
        inet6 2a01:4f9:4a:1fd8::11 prefixlen 64
        inet6 2a01:4f9:4a:1fd8::12 prefixlen 64
        inet6 2a01:4f9:4a:1fd8::18 prefixlen 64
        inet6 2a01:4f9:4a:1fd8::22 prefixlen 64
        inet6 2a01:4f9:4a:1fd8::19 prefixlen 64
        inet6 2a01:4f9:4a:1fd8::28 prefixlen 64
        inet 95.217.83.231 netmask 0xffffffc0 broadcast 95.217.83.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
My goal is first to have one jail (myjail) working with IPv4 and IPv6, then
slowly migrate the old jails to the new way.
So, I need help to configure myjail to have IPv6 working:
- configuring an IPv6 address on e0b_myjail is easy, but which defaultrouter6 should I use?
- does the bridge need an IPv6 address to be the defaultrouter6? I tried with no luck.
- do I need some configuration in PF?
Thanks for reading me (I am sure I am not really clear) and for your advice.
Btw, after I successfully configure myjail (and the other one) I will write a
how-to.
--
Jacques Foucry