netstat — why are IPv4 daemons listening to ports listed only in -A inet6?


Solution 1

By default, if you don't specify an address in the Apache Listen parameter, it handles IPv6 addresses using IPv4-mapped IPv6 addresses. You can take a look at Apache ipv6.

The output of netstat doesn't mean Apache is not listening on an IPv4 address. It's an IPv4-mapped IPv6 address.

Solution 2

The reason for this is because all IPv4 addresses are also IPv6 addresses. A small range of IPv6 addresses was set aside to be used for one-to-one mapping of IPv4 addresses. For example, the IPv4 address 192.0.2.128 is accessible via the IPv6 address ::ffff:192.0.2.128. This was done so that any applications which support IPv6 only, could still listen on IPv4 addresses. Note that this can't be used for an IPv6 address (non-mapped) to talk to an IPv4 address without other things involved, as the IPv4 won't know how to handle the IPv6 address (you can use NAT, or other solutions though).

Since all IPv4 addresses are represented in IPv6, when asking netstat to list apps using IPv6, you're also going to get IPv4.
It could represent 10.0.176.93 as ::ffff:10.0.176.93, or even ::ffff:a00:b05d, but the application developers chose to show it as a regular dotted-notation IPv4 address.

Author by

Mischa Arefiev

Updated on September 18, 2022

Comments

  • Mischa Arefiev
    Mischa Arefiev over 1 year

    I have a computer with:

    Linux superhost 3.2.0-4-amd64 #1 SMP Debian 3.2.60-1+deb7u3 x86_64 GNU/Linux
    

    It runs Apache on port 80 on all interfaces, and it does not show up in netstat -planA inet, however it unexpectedly can be found in netstat -planA inet6:

    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp6       0      0 :::5672                 :::*                    LISTEN      2402/beam.smp   
    tcp6       0      0 :::111                  :::*                    LISTEN      1825/rpcbind    
    tcp6       0      0 :::9200                 :::*                    LISTEN      2235/java       
    tcp6       0      0 :::80                   :::*                    LISTEN      2533/apache2    
    tcp6       0      0 :::34611                :::*                    LISTEN      1856/rpc.statd  
    tcp6       0      0 :::9300                 :::*                    LISTEN      2235/java       
    ...
    tcp6       0      0 10.0.176.93:80          10.0.76.98:53704        TIME_WAIT   -               
    tcp6       0      0 10.0.176.93:80          10.0.76.98:53700        TIME_WAIT   -               
    

    I can reach it by TCP4 just fine, as seen above. However, even these connections are listed under tcp6. Why?

  • Mischa Arefiev
    Mischa Arefiev over 9 years
    There are other services that listen to IPv4 addresses but are listed as tcp6 by netstat, e.g. ElasticSearch
  • beginer
    beginer over 9 years
    I guess you read the Wikipedia link provided by @Patrick. All those services which use the IPv4-mapped IPv6 address will be shown in tcp6 in netstat's output.
  • Mischa Arefiev
    Mischa Arefiev over 9 years
    Thank you, but this does not answer why they do not pop up when doing regular -A inet
  • Johan Myréen
    Johan Myréen over 6 years
    I guess the reason the listening connections are only listed as tcp6 sockets is because they really are IPv6 sockets, but with the additional feature that they also accept IPv4 connections, if configured to do so. The sockets are bound to INADDR_ANY6, and when an IPv4 connection comes in the address is mapped to an IPv6 address with the prefix ::ffff:0000/96. This is the only use for these mapped addresses; they should not be used on the wire.
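
Added example (not part of the original answers or comments): a small Python parser for `/proc/net/tcp6`, the kernel table netstat reads for its tcp6 rows, showing that a `::` listener and the IPv4 connections it serves appear only in the IPv6 table. The sample rows are constructed from the question's output, the function names are hypothetical, and a little-endian host is assumed.

```python
import ipaddress

# Constructed sample in /proc/net/tcp6 layout, modelled on the question's
# netstat output; the trailing columns of each row are trimmed.
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st
   0: 00000000000000000000000000000000:0050 00000000000000000000000000000000:0000 0A
   1: 0000000000000000FFFF00005DB0000A:0050 0000000000000000FFFF0000624C000A:D1C8 06
"""

STATES = {"01": "ESTABLISHED", "06": "TIME_WAIT", "0A": "LISTEN"}


def decode_endpoint(field):
    """Turn 'HEX32:PORT' into (address_text, port, is_ipv4_mapped)."""
    hexaddr, hexport = field.split(":")
    # The kernel prints four 32-bit words in host byte order; this assumes a
    # little-endian host such as the x86_64 machine in the question.
    raw = b"".join(bytes.fromhex(hexaddr[i:i + 8])[::-1] for i in range(0, 32, 8))
    addr = ipaddress.IPv6Address(raw)
    mapped = addr.ipv4_mapped  # IPv4Address for ::ffff:0:0/96, else None
    return (str(mapped) if mapped else str(addr)), int(hexport, 16), mapped is not None


def parse_tcp6(text):
    """Yield one dict per socket row, with mapped addresses shown as IPv4."""
    for line in text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4:
            continue
        laddr, lport, lmapped = decode_endpoint(cols[1])
        raddr, rport, _ = decode_endpoint(cols[2])
        state = STATES.get(cols[3], cols[3])
        yield {
            "local": f"{laddr}:{lport}", "remote": f"{raddr}:{rport}",
            "state": state, "ipv4_on_v6_socket": lmapped,
            # A '::' listener may also take IPv4 unless IPV6_V6ONLY is set.
            "wildcard_listener": state == "LISTEN" and laddr == "::",
        }


if __name__ == "__main__":
    for row in parse_tcp6(SAMPLE_TCP6):
        print(row)
```

When auditing which ports a host exposes, check both address families: a `::` listener can be reachable over IPv4 even though `-A inet` shows nothing for it.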