IPv6 only Jails cannot connect to the outside world

Jon Radel jon at radel.com
Mon Oct 5 01:54:40 UTC 2015


On 10/4/15 7:15 PM, Adam Vande More wrote:
> You haven't demonstrated IPv6 doesn't work.  You've only demonstrated name
> resolution on an IPv6 jail doesn't work.
>
To expand on Adam's observation, I use an IPv6-only (well it does have 
an IPv4 loopback address) jail on an otherwise dual-stacked machine, 
using ezjail and it works fine.  Of course

root at mns:~ # cat /etc/resolv.conf
search radel.com
nameserver 2001:4830:1707:5237::10:1
nameserver 2001:470:880a:5237::7:1
options edns0 timeout:1
root at mns:~ #

I don't bother mentioning ipv4 resolvers in resolv.conf, but the end 
result is that the test you were trying works fine:

root at mns:~ # telnet google.com 80
Trying 2607:f8b0:4004:807::1006...
Connected to google.com.
Escape character is '^]'.
blort
HTTP/1.0 400 Bad Request
<snip>

and from /usr/local/etc/ezjail the most pertinent part of the config for 
that jail:

export jail_mns_radel_com_hostname="mns.radel.com"
export 
jail_mns_radel_com_ip="lo1|127.0.0.2,em0|2001:4830:1707:5237::10:2:1,em0|2001:470:880a:5237::10:2:1"


--Jon Radel
jon at radel.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3890 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20151004/286c107f/attachment.bin>


More information about the freebsd-questions mailing list