IPv6 only Jails cannot connect to the outside world
Jon Radel
jon at radel.com
Mon Oct 5 01:54:40 UTC 2015
On 10/4/15 7:15 PM, Adam Vande More wrote:
> You haven't demonstrated IPv6 doesn't work. You've only demonstrated name
> resolution on an IPv6 jail doesn't work.
>
To expand on Adam's observation, I use an IPv6-only (well it does have
an IPv4 loopback address) jail on an otherwise dual-stacked machine,
using ezjail and it works fine. Of course
root at mns:~ # cat /etc/resolv.conf
search radel.com
nameserver 2001:4830:1707:5237::10:1
nameserver 2001:470:880a:5237::7:1
options edns0 timeout:1
root at mns:~ #
I don't bother mentioning ipv4 resolvers in resolv.conf, but the end
result is that the test you were trying works fine:
root at mns:~ # telnet google.com 80
Trying 2607:f8b0:4004:807::1006...
Connected to google.com.
Escape character is '^]'.
blort
HTTP/1.0 400 Bad Request
<snip>
and from /usr/local/etc/ezjail the most pertinent part of the config for
that jail:
export jail_mns_radel_com_hostname="mns.radel.com"
export
jail_mns_radel_com_ip="lo1|127.0.0.2,em0|2001:4830:1707:5237::10:2:1,em0|2001:470:880a:5237::10:2:1"
--Jon Radel
jon at radel.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3890 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20151004/286c107f/attachment.bin>
More information about the freebsd-questions
mailing list