Ask Your Question
0

puppet v4: ipv4 and ipv6

asked 2016-10-16 23:58:30 -0500

cm01 gravatar image

Hi Guys,
I'm trying to understand the following on my v4 puppetmaster (2.4.0/4.5.0)

 ifconfig
eth0      Link encap:Ethernet  HWaddr 52:54:00:D5:E5:04  
          inet addr:10.200.32.60  Bcast:10.200.255.255  Mask:255.255.0.0
          inet6 addr: fe80::5054:ff:fed5:e504/64 Scope:Link

netstat -tanp|grep 8140
tcp        0      0 :::8140                     :::*                        LISTEN      13045/java          
tcp        0      0 ::ffff:10.200.32.60:8140    ::ffff:10.200.32.60:34392   TIME_WAIT   -       

Facter -p gives
eth0 => {
  bindings => [
    {
      address => "10.200.32.60",
      netmask => "255.255.0.0",
      network => "10.200.0.0"
    }
  ],
  bindings6 => [
    {
      address => "fe80::5054:ff:fed5:e504",
      netmask => "ffff:ffff:ffff:ffff::",
      network => "fe80::"
    }
  ],


nmap -6 -p8140 -P0 puppetmaster103.ops.sac.int.threatmetrix.com
Starting Nmap 5.51 ( http://nmap.org ) at 2016-10-17 04:51 UTC
Failed to resolve given IPv6 hostname/IP: puppetmaster.ops.x.y.com.

nmap  -p8140 -P0 puppetmaster.ops.x.y.com
Starting Nmap 5.51 ( http://nmap.org ) at 2016-10-17 04:52 UTC
Nmap scan report for puppetmaster.ops.x.ycom (1.2.3.6)
Host is up (0.000026s latency).
PORT     STATE SERVICE
8140/tcp open  unknown

So, nestat says it listens only in ipv6, nmap says only ipv4 and afaik, our internal network is only guaranteed for ipv4.
It works just fine serving client nodes..

What I want to know is what is going on? Is it ipv4, or ipv6, or both ???

Cheers
Chris

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2016-10-17 03:53:36 -0500

FranzCC gravatar image

Hi, linux reports ipv6 before ipv4.
But the binding is on "*", it means bind on all protocols.<bra check="" the="" output="" of="" lsof:<="" p="">

lsof -n -i|grep 8140|grep -i listen

gives:

java 20766 pe-puppet 152u IPv6 29951257 0t0 TCP *:8140 (LISTEN)

Rgds. Franz

edit flag offensive delete link more

Comments

Hi, I think I understand what you mean: its a dual use socket that looks like its on ipv6 (netstat, lsof)), but really on ipv4 (eg see nmap).
Is there a reference that states that anywhere? I've tried google but no luck so far.
Is this a Java socket thing?

Cheers,
Chris

cm01 gravatar imagecm01 ( 2016-10-17 18:48:31 -0500 )edit

That is logic. You can't disable ipv4 ;-)
So, all these programs access their data via procfs via fdinfo.
It is logically higher when reading the filedescriptors.
It's trivial, if you don't need ipv6, simply disable it.
Rgds. Franz

FranzCC gravatar imageFranzCC ( 2016-10-18 00:15:00 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2016-10-16 23:58:30 -0500

Seen: 381 times

Last updated: Oct 17 '16