Miroslav Lachman wrote:
> Victor Sudakov wrote on 2020/03/18 16:15:
> >
> > Is IPv6 in jails supposed to work? Does not work for me, what am I doing
> > wrong?
> >
> > Here is a test jail:
> >
> > test4 {
> >         path = /d02/jails/test4 ;
> >         mount.devfs;
> >         ip4 = new;
> >         ip6 = new;
> >         ip4.addr = 192.168.4.204/24;
> >         ip6.addr = 2001:470:ecba:3::4/64;
> >         host.hostname = test4.vas.sibptus.ru ;
> >         interface = re1 ;
> >         allow.raw_sockets = true ;
> >         exec.start = "/bin/sh /etc/rc";
> >         exec.stop = "/bin/sh /etc/rc.shutdown";
> > }
> >
> > However when I look from inside the jail, I see the daemons listening
> > only on IPv4:
> >
> > root@test4:/ # sockstat -l
> > USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
> > root     sendmail   17178 3  tcp4   192.168.4.204:25      *:*
> > root     sshd       17175 3  tcp4   192.168.4.204:22      *:*
> > root     syslogd    17110 5  udp4   192.168.4.204:514     *:*
> >
> > If I "ssh 2001:470:ecba:3::4" from outside, I get into the host instead
> > of the jail (because 2001:470:ecba:3::4 *is* assigned to re1, but not
> > available inside the jail).
>
> If sshd in the host is configured to listen on all available interfaces and
> addresses (the default) then it will catch your jail's IP too.

Why is it not catching the 192.168.4.204 address then?

> You must configure sshd in the host to listen only on the host's IP and then you
> will connect to the jail's sshd.

OK, I've stopped the sshd on the host entirely, and restarted the jails. Why
am I still not seeing the jailed sshd listening on tcp6?

root@test4:/ # sockstat -l
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   17995 3  tcp4   192.168.4.204:25      *:*
root     sshd       17992 3  tcp4   192.168.4.204:22      *:*
root     syslogd    17927 5  udp4   192.168.4.204:514     *:*
root     syslogd    17927 6  dgram  /var/run/log
root     syslogd    17927 7  dgram  /var/run/logpriv
root@test4:/ #

Your theory is probably incorrect.

>
> What is your sshd_config in the host and in the jail?

The sshd on the host has been stopped now. The sshd_config in the jail is the
FreeBSD default one.

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/