[sslh] SSLH 1.16 issue: Cannot bind for IPv4 and IPv6 simultaneously
Maddes
maddes+sslh at maddes.net
Sat May 14 09:41:45 UTC 2016
On 13.05.2016 23:32, Simon Iremonger wrote:
>>>> If I check with netstat then there's nothing on port 444 bound.
>>>> And when I start 2 instances, one for IPv4 and the other for IPv6, then
>>>> second fails too.
>>> According to another Matt, it works:
>>> http://rutschle.net/pipermail/sslh/2015-February/000569.html
>
> This basically depends on the setting of /proc/sys/net/ipv6/bindv6only
> -- normally set to '0' ... Such that a [::]:444 socket will
> listen for IPv6 *and* IPv4 sockets in a single socket, so
> may be perfectly sufficient.
>
>
>>> I don't usually bind to 0.0.0.0 but are you sure that
>>> doesn't also bind the IPv6 addresses? That would explain
> No, the other way around... binding to :: tends to 'include'
> listening to 0.0.0.0 essentially...
>
>
> In some cases the application will be unhappy with the formatting
> of IPv4 addresses on IPv6 sockets, look like ::ffff:[ipv4 address]
> and other complications...
>
> Some daemons (e.g. openssh) seem to open their ipv6 socket
> with the V6ONLY socket option set (overriding any global
> bindv6only=0) and hence open a [::]:22 and 0.0.0.0:22 sockets
> simultaneously anyway.
>
> Others, e.g. mysqld only allow a single socket and expect you
> to have bindv6only=0 and use the socket v4 compatibility in
> order to listen for both IPv6 and IPv4 connections...
>
>
> Hope that clarifies,
>
> --Simon
Did not expect a solution directly the next morning. Simon, many thanks
for the clarification.
I was only checking with netstat and there you only see "tcp6 [::]:444
sslh", but indeed SSLH is also listening on "tcp 0.0.0.0:444". My
unmodified Debian had "bindv6only" set to 0 as mentioned.
Yves, can you add this valuable info to the man pages in the --listen
section?
Thanks all
Maddes
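
The behaviour discussed in this thread can be reproduced on a Linux host with the added example below, which is not part of the original message and is not sslh code. It opens a `[::]` listener with `IPV6_V6ONLY` cleared or set, then reports whether a second `0.0.0.0` bind on the same port succeeds and whether an IPv4 client reaches the listener; the function names are illustrative.

```python
import errno
import socket

def listen_v6(v6only):
    """Listen on [::] with IPV6_V6ONLY set explicitly (overrides bindv6only)."""
    s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, int(v6only))
    s.bind(("::", 0))          # port 0: let the kernel pick a free port
    s.listen(1)
    s.settimeout(2)
    return s

def probe(v6only):
    """Return (second IPv4 bind, IPv4 connect, peer address seen by listener)."""
    srv = listen_v6(v6only)
    port = srv.getsockname()[1]
    # 1. Try to bind a separate IPv4 wildcard socket to the same port.
    v4 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        v4.bind(("0.0.0.0", port))
        bind_result = "ok"
    except OSError as e:
        bind_result = errno.errorcode.get(e.errno, str(e))
    finally:
        v4.close()
    # 2. Connect over IPv4 and see whether the IPv6 listener accepts it.
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.settimeout(2)
    try:
        cli.connect(("127.0.0.1", port))
        conn, peer = srv.accept()
        conn.close()
        connect_result, peer_addr = "ok", peer[0]
    except OSError as e:
        connect_result, peer_addr = errno.errorcode.get(e.errno, str(e)), None
    finally:
        cli.close()
        srv.close()
    return bind_result, connect_result, peer_addr

if __name__ == "__main__":
    for v6only in (False, True):
        print("IPV6_V6ONLY=%d -> %s" % (v6only, probe(v6only)))
```

With the option cleared, the IPv4 client appears to the listener as an IPv4-mapped address (`::ffff:` prefix), which is the form that will show up in logs and address-based access rules.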