Hello,
how can i disable the ipv6 Bindings from the services
::::1013 (which service ist running on this port ?)
:::444
:::81
regards
Hello Patrick,
what do you mean with “which service”?
A “netstat -ap --numeric” or “ss -anp” hows the connected services.
In your case:
tcp6 0 0 :::81 :::* LISTEN 3567/httpd
tcp6 0 0 :::1013 :::* LISTEN 3567/httpd
tcp6 0 0 :::444 :::* LISTEN 3567/httpd
Best
Silvio
This belongs to captive portal.
Another point from my side.
I’m not sure if this is actual but:
If IPv6 is disabled by default why would you disable the bindings.
I had some problems with services in the past which use IPv6 bindings on IPv4 only systems and it was not so easy like it sounds.
On CentOS/Redhat based systems you can do all the stuff like disable ipv6 in sysctl,conf or /etc/sysconfig/network and so on but you have problems on other points after that …
So my hint, if you not really sure what you are doing and you need it, think about it again.
Silvio
1 Like
Hello,
thank you for the hint, i ask me, why there ist a binding on a port, wenn the captive-portal isn’t used. and why there are ipv6 bindings, on a ipv4-only system.
Hello Silvio, do you know were i can disable ipv6 on a ipfire system ? regards
[root@ipfire ~]# grep ipv6 /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
1 Like
Hello Patrick,
as Paul wrote the IPv6 stack is disabled th /etc/sysctl.conf.
This file would also be my first option but as you can see the dev team has done it.
If you check your network interface you will see no IPv6 binding where:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: red0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc htb state UP group default qlen 1000
link/ether 78:e3:b5:1a:7d:a2 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.2/24 scope global red0
valid_lft forever preferred_lft forever
3: green0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 78:e3:b5:1a:7d:a3 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.1/24 scope global green0
valid_lft forever preferred_lft forever
4: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc fq_codel state DOWN group default qlen 32
link/ether b2:b0:1f:5b:e7:d5 brd ff:ff:ff:ff:ff:ff
5: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc fq_codel state DOWN group default qlen 32
link/ether b6:ee:6d:e4:87:33 brd ff:ff:ff:ff:ff:ff
6: imq0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc htb state UNKNOWN group default qlen 32
link/ether e6:75:e6:42:b4:71 brd ff:ff:ff:ff:ff:ff
7: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1400 qdisc fq_codel state UNKNOWN group default qlen 500
link/none
inet 10.251.150.1 peer 10.251.150.2/32 scope global tun0
valid_lft forever preferred_lft forever
I think these 3 IPv6 ports are httpd specific and you have to change the listen bindings in the httpd settings to diasbled this.
If you read: Binding to Addresses and Ports - Apache HTTP Server Version 2.4
" On the other hand, on some platforms, such as Linux and Tru64, the only way to handle both IPv6 and IPv4 is to use mapped addresses. If you want httpd to handle IPv4 and IPv6 connections with a minimum of sockets, which requires using IPv4-mapped IPv6 addresses, specify the --enable-v4-mapped configure option.
–enable-v4-mappedis the default on all platforms except FreeBSD, NetBSD, and OpenBSD, so this is probably how your httpd was built. If you want httpd to handle IPv4 connections only, regardless of what your platform and APR will support, specify an IPv4 address on allListen` directives, as in the following examples:"
Best
Silvio
Hello Paul and Silvio,
thank you for you help, i fixed the ipv6 Binding bei changing /etc/http/conf/listen.conf vom :81 / :444 to 0.0.0.0:81 / 0.0.0.0:443, the same for the captiveportal,
stay healthy,
regards
And what about NTP?
udp6 0 0 [::]:ntp [::]:*