HTTPD listening in IPv6, according netstat, but reacheable in IPv4
I believe that on Linux, binding to [::] (IPv6) results in receiving both IPv6 and IPv4 traffic (by default). I believe these are referred to as IPv4-mapped IPv6 addresses. netstat
simply shows the IPv6 entry only, because there's technically only a single bind, that happens to support both IPv4 and IPv6.
There's a bit of information on the Apache site.
It's possible for software to not use IPv4-mapped IPv6 addresses and bind to both 0.0.0.0 and [::] separately and hence show up twice in netstat
, but it's a design choice on the part of the developers.
Related videos on Youtube
Comments
-
Antonin M. over 1 year
Using Openstack, I have a Web GUI (horizon) hosted on my server (HTTPS).
When I do a
netstat -lt | grep https
, I have:tcp6 0 0 [::]:https [::]:* LISTEN
With
lsof -i :443
, I have:COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME httpd 5250 root 6u IPv6 27390 0t0 TCP *:https (LISTEN) httpd 17675 apache 6u IPv6 27390 0t0 TCP *:https (LISTEN) httpd 17676 apache 6u IPv6 27390 0t0 TCP *:https (LISTEN) httpd 17677 apache 6u IPv6 27390 0t0 TCP *:https (LISTEN) httpd 17678 apache 6u IPv6 27390 0t0 TCP *:https (LISTEN) httpd 17679 apache 6u IPv6 27390 0t0 TCP *:https (LISTEN) httpd 17680 apache 6u IPv6 27390 0t0 TCP *:https (LISTEN) httpd 17681 apache 6u IPv6 27390 0t0 TCP *:https (LISTEN) httpd 17682 apache 6u IPv6 27390 0t0 TCP *:https (LISTEN) httpd 27444 apache 6u IPv6 27390 0t0 TCP *:https (LISTEN)
However the server is reachable in IPv4. It's ok for me but I wonder why there is not an entry with netstat like this:
tcp 0 0 0.0.0.0:https 0.0.0.0:* LISTEN
-
drookie over 8 yearsIt's not: tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp6 0 0 :::22 :::* LISTEN
-
EightBitTony over 8 yearsIt's not what? Your example appears to indicate an ssh daemon which is listening on both an IPv4 port and an IPv6 port, rather than a single combined IPv4-mapped IPv6 address. I'm not sure what your point is.
-
Sander Steffann over 8 yearsThat down vote is inappropriate. This is the correct answer. Software can bind to the wildcard address on IPv6 and accept both IPv4 and IPv6 connections on it. On Linux this is even the default. The SSH software in your example chose not to.
-
Michael Hampton over 8 years@drookie What relevance is that?