IPv6 in jails

Victor Sudakov vas at sibptus.ru
Thu Mar 19 07:01:11 UTC 2020 

Jacques Foucry wrote:
> > > 
> > > > 
> > > > Is IPv6 in jails supposed to work? Does not work for me, what am I doing
> > > > wrong?
> > > 
> > > Suppose to work, and work for me.
> > > > 
> > > > Here is a test jail:
> > > > 
> > > > test4 { 
> > > >         path = /d02/jails/test4 ;
> > > >         mount.devfs;
> > > >         ip4 = new;
> > > >         ip6 = new;
> > > >         ip4.addr = 192.168.4.204/24;
> > > >         ip6.addr = 2001:470:ecba:3::4/64;
> > > >         host.hostname = test4.vas.sibptus.ru ;
> > > >         interface = re1 ;
> > > >         allow.raw_sockets = true ;
> > > >         exec.start = "/bin/sh /etc/rc";
> > > >         exec.stop = "/bin/sh /etc/rc.shutdown";
> > > > }
> > > 
> > > 
> > > Well there is a difference between your config and mine:
> > > 
> > > ip6.addr="em0|2a01:4f9:4a:1fd8::16/64";
> > > 
> > > In my config there is the interface to use (em0 in my case, re1 should be in
> > > yours)
> > 
> > I have a more generic "interface = re1" statement, but replacing it with
> > ip6.addr = "re1|2001:470:ecba:3::4" did not produce any effect on the
> > jailed daemons.
> > 
> > Of course the IPv6 address is present on re1 in both cases (my
> > syntax and your syntax). When the jail is stopped, the address goes
> > away.
> 
> Did you try to declare the IPv6 as an alias in 
> /etc/rc.conf file?
> 
> # Jail Mail
> ifconfig_em0_alias4="inet6 2a01:4f9:4a:1fd8::17 prefixlen 64"

No, I'd prefer for these addresses to be handled by the jail
infrastructure. That is, I want an address to appear when the
corresponding jail goes up, and to disapper when the jail is shut down.

> 
> Restarting the network stack will make ip persistent and I hope usable by your
> jail.
> 

I don't want it persistent. If a jail is shut down but its address
persists, it can have undesirable consequences of it suddenly pointing
at the host system.

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20200319/5dfffdd0/attachment.sig>

More information about the freebsd-net mailing list