Package: netbase
Version: 4.21
Severity: minor
Tags: patch

I admin some systems that need ipv4 to ipv6 mappings disabled so
services can bind to both ipv4 and ipv6 ports.  ssh is one example: to
listen on ipv6 addresses (on hosts with bindv6only disabled) you give it
the -6 option and the kernel binds ipv4 to ipv6 so both ipv4 and ipv6
work, but you lose the ability to forward X etc.  There needs to be a
way to enable the /proc/sys/net/ipv6/bindv6only option, and it seems to
me this is the way to do it.

When it is enabled, it needs to be enabled before any of the daemons
bind ipv6 ports; otherwise, when they go to bind ipv4, the port will
already be taken.

diff -u -r netbase-4.21/debian/netbase.init 
netbase-4.21_bindv6only/debian/netbase.init
--- netbase-4.21/debian/netbase.init    2005-03-21 12:49:41.000000000 -0600
+++ netbase-4.21_bindv6only/debian/netbase.init 2005-06-07 21:56:08.000000000 
-0500
@@ -39,6 +39,14 @@
     fi
 }
 
+bindv6only () {
+    if [ -e /proc/sys/net/ipv6/bindv6only ]; then
+        echo -n "Enabling IPv6 only bindings (disables ipv4 to ipv6 
mapping)..."
+        echo 1 > /proc/sys/net/ipv6/bindv6only
+        echo "done."
+    fi
+}
+
 syncookies () {
     if [ -e /proc/sys/net/ipv4/tcp_syncookies ]; then
         echo -n "Enabling TCP/IP SYN cookies..."
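Review bot: The write in the added `bindv6only` function is unchecked, so "done." is printed even when `echo 1 > /proc/sys/net/ipv6/bindv6only` fails, and the boot log then claims v4-mapped binding is off while the kernel still has it on. Report the real outcome with `if echo 1 > /proc/sys/net/ipv6/bindv6only; then echo "done."; else echo "failed."; fi`. The function only ever writes 1; if doopt (defined above this hunk, body not shown) invokes it only for "yes", switching the option back to "no" will not restore 0 on a running system, which deserves a comment such as `# only enables; setting bindv6only=no takes effect after reboot`. The message string is also split across two lines in the posted patch, which looks like mail line-wrapping and would have to be rejoined before the patch applies.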
@@ -65,6 +73,7 @@
        doopt spoofprotect yes
         doopt syncookies no
         doopt ip_forward no
+        doopt bindv6only yes
 
         echo -n "Configuring network interfaces..."
         ifup -a
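Review bot: `doopt bindv6only yes` makes the new behaviour the default on every host whose options file has no bindv6only line (assuming doopt's second argument is the fallback value; its body is outside this hunk), and the netbase.preinst hunk writes `bindv6only=yes` into newly generated options as well. The sysctl is system-wide and sets the default IPV6_V6ONLY for new sockets, so a daemon that opens a single AF_INET6 socket and relies on v4-mapped addresses would silently stop accepting IPv4 connections after an upgrade unless it sets the socket option itself. An opt-in default keeps existing hosts unchanged: `doopt bindv6only no` here and `bindv6only=no` in preinst, matching how `syncookies` and `ip_forward` default to "no".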
diff -u -r netbase-4.21/debian/netbase.preinst 
netbase-4.21_bindv6only/debian/netbase.preinst
--- netbase-4.21/debian/netbase.preinst 2003-08-16 10:19:05.000000000 -0500
+++ netbase-4.21_bindv6only/debian/netbase.preinst      2005-06-07 
21:45:28.000000000 -0500
@@ -10,6 +10,7 @@
        ip_forward=no
        spoofprotect=yes
        syncookies=no
+       bindv6only=yes
        EOC
   fi
 }





-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages netbase depends on:
ii  debconf                     1.4.49       Debian configuration management sy
ii  ifupdown                    0.6.7        high level tools to configure netw
ii  iputils-ping [ping]         3:20020927-2 Tools to test the reachability of 
ii  netkit-inetd                0.10-10.1    The Internet Superserver
ii  tcpd                        7.6.dbs-8    Wietse Venema's TCP wrapper utilit

-- debconf information:
  netbase/upgrade-note/etc-network-interfaces-pre-3.17-1:
  netbase/upgrade-note/init.d-split-pre-3.16-1:
  netbase/upgrade-note/radius-ports-pre-3.05:
  netbase/upgrade-note/portmap-restart-pre-3.11-2:

