
From: Michael H. Warfield (mhw_at_wittsend.com)
Date: Thu 17 Apr 2003 - 14:31:54 BST

On Sun, Apr 13, 2003 at 01:19:06PM +0000, Gerrit Hotzel wrote:
> On Sun, Apr 13, 2003 at 01:19:24PM +0200, klavs klavsen wrote:
> > On Sun, 2003-04-13 at 13:13, klavs klavsen wrote:
> > > Hi guys,
> > >
> > > As far as I can tell, a service which is set up per default to listen to
> > > - does not get rewritten to listen to IPROOT. I tried this with
> > > v0.22 of the utils and ctx17.
> > >
> > > Shouldn't this be automatically rewritten by the kernel? I believe it
> > > once was (but I can remember wrong of course :)
> > >
> >
> > The weird thing is that this rewrite of seems to work fine for
> > proftpd - but not for postfix or sshd. Any ideas why?

> May this be related to what Jesper FA pointed out about programs running
> create socket, listen instead of the usual create socket, bind, listen?
> The posts were around the end of the last year.

> Jesper FA wrote a patch to ctx16 attached to its mail. It adds an
> additional check to the listen-syscall to limit IPs.

> It worked fine for me, though I never understood why this patch never
> made it into the official ctx.

        Another very, uh, interesting effect occurs when you have IPv6
enabled and things like sendmail or http or sshd bind to :: instead
of Because IPv6 sockets also pick up IPv4 connections as
::ffff:n.n.n.n, the bit of binding the virtual servers to particular
addresses does not work as expected. Because IPv6 and IPv4 do
interact at the API level, one affects the other. It's also interesting
in that, it seems to me, the apps mentioned in the original message
are ones I believe are IPv6 aware or, at least, AF independent. It
would be interesting to know if the sshd problem persisted if you
added the "-4" option (IPv4 only). I learned the hard way that the
"-6" option (IPv6 only) has NO effect on Linux at all, since sshd
still sees the IPv4 connections merely as an IPv6 connection with a
compatibility address.

        I've had to go back and very carefully nail down things to
particular addresses if it's an IPv6 aware application.

        I'd be interested to see how that patch interacts in my IPv6

> --
> Gerrit


 Michael H. Warfield    |  (770) 985-6132   |  mhw_at_WittsEnd.com
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
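
The IPv4-mapped behaviour described in the message above, as an added example that is not part of the original post or of the vserver patches: a listener bound to `::` is connected to over IPv4 loopback, once dual-stack and once with the standard `IPV6_V6ONLY` socket option (RFC 3493) set. The function names `probe` and `effective_peer` are made up for this illustration, and the loopback test assumes a host where AF_INET6 sockets can be created.

```python
import ipaddress
import socket


def effective_peer(addr):
    """Return the IPv4 form of an IPv4-mapped address (::ffff:a.b.c.d), else addr unchanged."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)
    return str(mapped) if mapped else str(ip)


def probe(v6only):
    """Listen on [::] and connect to it over IPv4 loopback.

    Returns the peer address as the listener sees it, "refused" if the IPv4
    connection is not accepted, or None if AF_INET6 is unavailable here.
    """
    try:
        srv = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    except OSError:
        return None
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # 0 = dual-stack (IPv4 arrives as ::ffff:n.n.n.n), 1 = IPv6 only
        srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, int(v6only))
        srv.bind(("::", 0))  # wildcard address, kernel-chosen port
        srv.listen(1)
        srv.settimeout(2)
        cli.settimeout(2)
        try:
            cli.connect(("127.0.0.1", srv.getsockname()[1]))
        except OSError:
            return "refused"
        conn, peer = srv.accept()
        conn.close()
        return peer[0]
    except OSError:
        return None
    finally:
        cli.close()
        srv.close()


if __name__ == "__main__":
    for v6only in (False, True):
        seen = probe(v6only)
        print("IPV6_V6ONLY=%d -> listener saw %r" % (v6only, seen))
        if seen not in (None, "refused"):
            print("  address to match against IPv4 rules:", effective_peer(seen))
```

Any per-address restriction or access list written in IPv4 terms has to compare against the unmapped form, which is what `effective_peer` returns.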

Generated on Thu 17 Apr 2003 - 14:54:42 BST by hypermail 2.1.3