Iocage and IPv6 autoconf ?

Patrick M. Hausen

Please post the output of these commands run inside your jail (after iocage console myjail or ssh login):
Code:
ifconfig
netstat -na | grep LISTEN


Patrick
 

Andistorm

Please post the output of these commands run inside your jail (after iocage console myjail or ssh login):
Code:
ifconfig
netstat -na | grep LISTEN


Patrick


Input:
Code:
ifconfig
netstat -na | grep LISTEN


Output:
Code:
root@nextcloud:~ # ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 0c:9d:92:ba:b5:82
        hwaddr 02:1b:d0:00:06:0b
        inet 192.168.131.4 netmask 0xffffff00 broadcast 192.168.131.255
        inet6 fe80::e9d:92ff:feba:b582%epair0b prefixlen 64 scopeid 0x2
        inet6 2003:e3:f23:xxxx:e9d:92ff:feba:yyyy prefixlen 64 autoconf
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair
root@nextcloud:~ # netstat -a | grep LISTEN
tcp46      0      0 *.mysql                *.*                    LISTEN
tcp4       0      0 *.http                 *.*                    LISTEN
tcp4       0      0 localhost.9000         *.*                    LISTEN
root@nextcloud:~ #

I replaced parts of the valid IPv6 address with xxxx and yyyy.

Andreas
 

Patrick M. Hausen

Simple answer: your web server is not configured to listen on IPv6, that's why it says "tcp4" in your netstat output.

HTH,
Patrick
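
Added example (not part of the original posts): the `tcp4`/`tcp46` distinction described above, turned into a check that classifies each LISTEN line of FreeBSD `netstat -na` output by address family and bind scope. The sample lines are constructed after the output posted above and the function names are illustrative; in a jail that holds a global autoconf address, every `dual` or `v6-only` listener bound to all addresses is reachable over that address unless a firewall filters it.

```shell
#!/bin/sh
# Added example: classify LISTEN sockets by address family and bind scope,
# to tell IPv4-only services from ones that also answer over IPv6.

# Constructed sample, modelled on the netstat output posted in this thread
# (numeric ports, as printed by `netstat -na`).
sample_netstat() {
cat <<'EOF'
tcp46      0      0 *.3306                 *.*                    LISTEN
tcp4       0      0 *.80                   *.*                    LISTEN
tcp4       0      0 127.0.0.1.9000         *.*                    LISTEN
tcp6       0      0 ::1.25                 *.*                    LISTEN
EOF
}

# stdin: netstat lines. stdout: "<port> <family> <scope>" per listener.
#   family: v4-only | v6-only | dual
#   scope:  loopback | all-addresses | specific
classify_listeners() {
    awk '$NF == "LISTEN" {
        proto = $1; laddr = $4
        n = split(laddr, part, ".")      # port is the last dot-separated field
        port = part[n]
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        if (proto == "tcp46")     fam = "dual"
        else if (proto == "tcp6") fam = "v6-only"
        else if (proto == "tcp4") fam = "v4-only"
        else next                        # not a TCP listener line
        if (addr == "*") scope = "all-addresses"
        else if (addr == "::1" || addr == "localhost" || addr ~ /^127\./)
            scope = "loopback"
        else scope = "specific"
        print port, fam, scope
    }'
}

# Ports bound to non-loopback addresses over IPv4 only (the "tcp4" case).
ipv4_only_ports() {
    classify_listeners | awk '$2 == "v4-only" && $3 != "loopback" { print $1 }'
}

# Ports that accept connections on a non-loopback IPv6 address.
ipv6_reachable_ports() {
    classify_listeners | awk '$2 != "v4-only" && $3 != "loopback" { print $1 }'
}
```

Inside the jail, feed it real data with `netstat -na | ipv4_only_ports`.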
 

Decade

I finally have a moment:
@Decade, static IPv4 with SLAAC IPv6 works without problems for me. Could you post the output of these commands?
Code:
iocage get all myjail
Code:
CONFIG_VERSION:14.1
allow_chflags:0
allow_mlock:0
allow_mount:0
allow_mount_devfs:0
allow_mount_nullfs:0
allow_mount_procfs:0
allow_mount_tmpfs:0
allow_mount_zfs:0
allow_quotas:0
allow_raw_sockets:1
allow_set_hostname:1
allow_socket_af:1
allow_sysvipc:0
allow_tun:0
available:readonly
basejail:no
boot:off
bpf:yes
children_max:0
cloned_release:11.2-RELEASE
comment:none
compression:lz4
compressratio:readonly
coredumpsize:off
count:1
cpuset:off
cputime:off
datasize:off
dedup:off
defaultrouter:192.168.17.1
defaultrouter6:none
depends:none
devfs_ruleset:4
dhcp:off
enforce_statfs:2
exec_clean:1
exec_fib:0
exec_jail_user:root
exec_poststart:/usr/bin/true
exec_poststop:/usr/bin/true
exec_prestart:/usr/bin/true
exec_prestop:/usr/bin/true
exec_start:/bin/sh /etc/rc
exec_stop:/bin/sh /etc/rc.shutdown
exec_system_jail_user:0
exec_system_user:root
exec_timeout:60
host_domainname:none
host_hostname:myjail
host_hostuuid:myjail
host_time:yes
hostid:86bd9b17-345c-11e6-a395-0cc47ac3a394
hostid_strict_check:off
interfaces:vnet0:bridge1
ip4:new
ip4_addr:igb0|192.168.17.3/24
ip4_saddrsel:1
ip6:new
ip6_addr:vnet0|accept_rtadv
ip6_saddrsel:1
jail_zfs:off
jail_zfs_dataset:iocage/jails/myjail/data
jail_zfs_mountpoint:none
last_started:2019-07-01 18:49:55
login_flags:-f root
mac_prefix:02ff60
maxproc:off
memorylocked:off
memoryuse:off
mount_devfs:1
mount_fdescfs:1
mount_linprocfs:0
mount_procfs:0
mountpoint:readonly
msgqqueued:off
msgqsize:off
nmsgq:off
notes:none
nsemop:off
nshm:off
nthr:off
openfiles:off
origin:readonly
owner:root
pcpu:off
priority:99
pseudoterminals:off
quota:none
release:11.2-RELEASE-p8
reservation:none
resolver:/etc/resolv.conf
rlimits:off
securelevel:2
shmsize:off
stacksize:off
state:up
stop_timeout:30
swapuse:off
sync_state:none
sync_target:none
sync_tgt_zpool:none
sysvmsg:new
sysvsem:new
sysvshm:new
template:no
type:jail
used:readonly
vmemoryuse:off
vnet:on
vnet0_mac:02ff6051e2d5 02ff6051e2d6
vnet1_mac:none
vnet2_mac:none
vnet3_mac:none
vnet_default_interface:auto
vnet_interfaces:none
wallclock:off

Code:
iocage start myjail
Code:
* Starting myjail
  + Started OK
  + Configuring VNET OK
  + Starting services OK

Code:
iocage console myjail
Code:
Last login: Mon Jul  1 12:17:45 on pts/15
FreeBSD 11.2-STABLE (FreeNAS.amd64) #0 r325575+6aad246318c(HEAD): Mon Jun 24 17:25:47 UTC 2019

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories:   https://www.FreeBSD.org/security/
FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
FreeBSD FAQ:           https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums:        https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with:  pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed:  freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages:  man man
FreeBSD directory layout:      man hier

Edit /etc/motd to change this login announcement.
root@myjail:~ #

Code:
ifconfig -a
Code:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 02:ff:60:51:e2:d6
        hwaddr 02:fd:d0:00:18:0b
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair

Code:
cat /etc/rc.conf
Code:
ifconfig_epair0b="DHCP"
hostname="myjail"
cron_flags="$cron_flags -J 15"

# Disable Sendmail by default
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

# Run secure syslog
syslogd_flags="-c -ss"

# Enable IPv6
ipv6_activate_all_interfaces="YES"
rtsold_enable="YES"
 

Patrick M. Hausen


Decade

I don’t understand that, or its relevance.
Did not change the autoconf settings in the UI
So, what is the autoconf setting? Manual IPv4, automatic IPv6? Because when I do automatic IPv4, iocage overwrites the ifconfig line and IPv6 doesn’t work, and when I do manual IPv4 (like in the configuration I pasted earlier), then the ifconfig line remains and IPv6 (now) works but IPv4 doesn’t work.
Code:
~ # ping 192.168.17.1
PING 192.168.17.1 (192.168.17.1): 56 data bytes
ping: sendto: Network is unreachable
ping: sendto: Network is unreachable
^C
--- 192.168.17.1 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss

 

Patrick M. Hausen

If you put ifconfig_epair0b_ipv6="inet6 accept_rtadv auto_linklocal" into your jail's rc.conf, iocage deletes it?
 

Decade

Yes. If I have DHCP on IPv4, then iocage replaces ifconfig_epair0b_ipv6="inet6 accept_rtadv auto_linklocal" with ifconfig_epair0b="DHCP". Even if rc.conf already has ifconfig_epair0b="DHCP"; iocage will make multiple of that line.

Now I found a way that seems to work: Manual IPv4, with interface set to vnet0, and automatic IPv6, with the ifconfig_epair0b_ipv6 line added to rc.conf. And maybe removing the ipv6_activate_all_interfaces="YES", rtsold_enable="YES" lines. Those didn’t seem to matter to the plugin jail, but the normal jail wasn’t accepting the route advertisement with those lines.
 

Patrick M. Hausen

Glad it's working for you now. The interface "vnet0" is of course correct. What else would one set that to?
As I wrote in a different post:

This tells iocage which physical interface to bind the virtual one to via if_bridge(4):
Code:
interfaces:vnet0:bridge0


And this assigns the IPv4 address to the virtual vnet0 interface:
Code:
ip4:new
ip4_addr:vnet0|217.29.46.105/26


Kind regards,
Patrick
 

oni303

Guys, this is not the 90's!!! Static IPv4 configuration is not an option; what's next, telling people to put hostnames and IPs in /etc/hosts?

That being said, I got an IPv6 using the workaround @Patrick M. Hausen suggested; the problem is there was no default route configured.
Any ideas on that?
 

Evan31

This works for me on 11.2-U5:

Add to /etc/rc.conf.local (NOT /etc/rc.conf, which is overwritten by iocage):
Code:
ifconfig_epair0b_ipv6="inet6 accept_rtadv auto_linklocal"
ipv6_activate_all_interfaces="NO"


Result is IPv6 enabled on epair0b with linklocal fe80:: address as well as address assigned from router advertisement. You may need to wait a few seconds for the router advertised IP to be assigned.
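
Added example (not part of the original post): a check that reads `ifconfig` output for one interface and reports which stage of SLAAC it has reached, using the three markers visible in the outputs quoted in this thread (the `ACCEPT_RTADV` nd6 flag, a link-local address, an `autoconf` address). The samples are constructed after those outputs with the 2001:db8::/32 documentation prefix, and the function names and verdict words are illustrative.

```shell
#!/bin/sh
# Added example: report how far SLAAC has progressed on one interface,
# judged only from its `ifconfig` output.

# Constructed sample modelled on the working jail's epair0b output.
sample_working() {
cat <<'EOF'
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.131.4 netmask 0xffffff00 broadcast 192.168.131.255
        inet6 fe80::e9d:92ff:feba:b582%epair0b prefixlen 64 scopeid 0x2
        inet6 2001:db8:0:1:e9d:92ff:feba:b582 prefixlen 64 autoconf
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
EOF
}

# Constructed sample modelled on the non-working jail's epair0b output.
sample_broken() {
cat <<'EOF'
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:ff:60:51:e2:d6
        nd6 options=1<PERFORMNUD>
EOF
}

# stdin: ifconfig output for a single interface. stdout: one verdict word.
slaac_status() {
    awk '
        $1 == "nd6"   && /[<,]ACCEPT_RTADV[,>]/ { rtadv = 1 }
        $1 == "inet6" && $2 ~ /^fe80:/          { linklocal = 1 }
        $1 == "inet6" && / autoconf( |$)/       { global = 1 }
        END {
            if (!rtadv)          print "ra-disabled"     # ACCEPT_RTADV not set
            else if (!linklocal) print "no-link-local"   # no fe80:: address yet
            else if (!global)    print "waiting-for-ra"  # flags set, no RA-derived address
            else                 print "slaac-ok"
        }'
}
```

Inside the jail, run it as `ifconfig epair0b | slaac_status`; a result of `waiting-for-ra` that persists means the flags are applied but no router advertisement has produced an address.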
 

Katagia

Hello

I'm new to FreeNAS and BSD but I have some old Linux experience.
I want to set up a jail to use OpenVPN.
Release inside the jail is 11.2-RELEASE-p14
I also want to set up IPv6. The FreeNAS host has configured IPv6 and gets an address starting with 2001:. This matches the IPv6 range I get from my provider.
When I create /etc/rc.conf.local as suggested by Evan31 the jail gets an address starting with fe80 only. The address from router advertisement is missing.

Did I miss something?

Thank you very much.
 

Katagia

I was able to get valid ipv6 addresses in the jail.
I created /etc/rc.conf.local as suggested by Evan31

In the web interface I disabled "autoconfigure ipv6".

Unfortunately nothing else works. When I try to ping the jail from outside there is no route to the host.
I used tcpdump to monitor traffic. The ipv6 traffic is visible at bridge0 and vnet0:5 at the host.
It is missing on epair0b inside the jail.

Any idea what might block traffic here?

Thank you very much.
 