netstat — why are IPv4 daemons listening to ports listed only in -A inet6?
Solution 1
By default if you don't specify address to Apache Listen
parameter, it handles ipv6 address using IPv4-mapped IPv6
addresses. You can take a look in Apache ipv6
The output of netstat
doesn't mean Apache is not listening on IPv4 address. It's a IPv4-mapped IPv6
address.
Solution 2
The reason for this is because all IPv4 addresses are also IPv6 addresses. A small range of IPv6 addresses was set aside to be used for one-to-one mapping of IPv4 addresses. For example, the IPv4 address 192.0.2.128
is accessible via the IPv6 address ::ffff:192.0.2.128
. This was done so that any applications which support IPv6 only, could still listen on IPv4 addresses.
Note that this can't be used for an IPv6 address (non-mapped) to talk to an IPv4 address without other things involved, as the IPv4 won't know how to handle the IPv6 address (you can use NAT, or other solutions though).
Since all IPv4 addresses are represented in IPv6, when asking netstat
to list apps using IPv6, you're also going to get IPv4.
It could represent 10.0.176.93
as ::ffff:10.0.176.93
, or even ::ffff:a00:b05d
, but the application developers chose to show it as a regular dotted-notation IPv4 address.
Comments
-
Mischa Arefiev over 1 year
I have a computer with:
Linux superhost 3.2.0-4-amd64 #1 SMP Debian 3.2.60-1+deb7u3 x86_64 GNU/Linux
It runs Apache on port 80 on all interfaces, and it does not show up in
netstat -planA inet
, however it unexpectedly can be found innetstat -planA inet6
:Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp6 0 0 :::5672 :::* LISTEN 2402/beam.smp tcp6 0 0 :::111 :::* LISTEN 1825/rpcbind tcp6 0 0 :::9200 :::* LISTEN 2235/java tcp6 0 0 :::80 :::* LISTEN 2533/apache2 tcp6 0 0 :::34611 :::* LISTEN 1856/rpc.statd tcp6 0 0 :::9300 :::* LISTEN 2235/java ... tcp6 0 0 10.0.176.93:80 10.0.76.98:53704 TIME_WAIT - tcp6 0 0 10.0.176.93:80 10.0.76.98:53700 TIME_WAIT -
I can reach it by TCP4 just fine, as seen above. However, even these connections are listed under
tcp6
. Why?-
phemmer over 9 yearsAll IPv4 addresses map directly to IPv6 addresses (but not vice versa). See: en.wikipedia.org/wiki/IPv6#IPv4-mapped_IPv6_addresses
-
mikeserv over 9 years
-
-
Mischa Arefiev over 9 yearsThere are other services that listen to IPv4 addresses but are listed as tcp6 by netstat, e. g. ElasticSearch
-
beginer over 9 yearsI guess you read the wikipedia link provided by @Patrick . All those services which use the IPv4-mapped IPv6 address will be shown in
tcp6
in netstat's output. -
Mischa Arefiev over 9 yearsThank you, but this does not answer why they do not pop up when doing regular
-A inet
-
Johan Myréen over 6 yearsI guess the reason the listening connections are only listed as tcp6 sockets is because they really are IPv6 sockets, but with the additional feature that they also accept IPv4 connections, if configured to do so. The sockets are bound to INADDR_ANY6, and when a IPv4 connection comes in the address is mapped to an IPv6 address with the prefix ::ffff:0000/96. This is the only use for these mapped addresses; they should not be used on the wire.