My directory server doesn’t show up in netstat!

Yes it does. You’re just looking in the wrong place. More below.

This is one of those “I knew that but forgot about it” department things. I stumbled across it after rebooting the home backup server and casually doing a netstat. Being an LDAP guy, I noticed right away that my OpenDJ directory server’s ports didn’t show up on a “netstat -an | grep -i listen”.

Well, they were there, just further down among the IPv6 connections.

tcp6  0  0 :::1389    :::*       LISTEN
tcp6  0  0 :::1636    :::*       LISTEN

If I’d looked more closely, I would have noticed that this was also true of my Apache server:

tcp6  0  0 :::80      :::*       LISTEN
tcp6  0  0 :::443     :::*       LISTEN

But I can still reach both OpenDJ and Apache using the server’s IPv4 address!

What gives? What gives is something called IPv4-mapped IPv6 addressing, which was designed to allow IPv4 hosts to communicate with services running on an IPv6 host in dual-stack mode (for the technical details, see RFC 4038, section 4.2). Red Hat Linux continues to support this mode by default, while Debian Linux and the BSDs do not (support requires that the IPV6_V6ONLY socket option be turned off, an option that is completely omitted from OpenBSD on security grounds). It appears that some Windows versions (not Windows XP) support IPv4-mapped IPv6 addresses as well.
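When auditing which ports a host exposes over IPv4, the tcp6 wildcard listeners have to be counted too. The following is an added example, not code from the original post: it parses `netstat -an` output and lists every listener reachable over IPv4. It assumes the Linux net-tools column layout and uses the system-wide `net.ipv6.bindv6only` default as a stand-in for each socket's IPV6_V6ONLY setting, which an application can override per socket; the function names and the sample lines are constructed for illustration.

```python
import ipaddress

# Constructed sample in the Linux `netstat -an` layout; not taken from a real host.
SAMPLE = """\
tcp   0  0 0.0.0.0:22               0.0.0.0:*         LISTEN
tcp   0  0 127.0.0.1:25             0.0.0.0:*         LISTEN
tcp6  0  0 :::1389                  :::*              LISTEN
tcp6  0  0 :::1636                  :::*              LISTEN
tcp6  0  0 ::1:631                  :::*              LISTEN
tcp6  0  0 ::ffff:192.0.2.10:8080   :::*              LISTEN
tcp6  0  0 2001:db8::5:9090         :::*              LISTEN
tcp   0  0 192.0.2.10:22            192.0.2.99:51514  ESTABLISHED
"""

def system_bindv6only(path="/proc/sys/net/ipv6/bindv6only"):
    """Read the Linux default for IPV6_V6ONLY; 0 means dual-stack by default."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return 0  # assumption: treat an unreadable value as dual-stack

def ipv4_listeners(netstat_text, bindv6only=0):
    """Return sorted (port, ipv4_address, proto) for listeners reachable over IPv4."""
    found = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] not in ("tcp", "tcp6") or f[5].upper() != "LISTEN":
            continue
        host, _, port = f[3].rpartition(":")  # ":::1389" -> ("::", "1389")
        try:
            addr, port = ipaddress.ip_address(host), int(port)
        except ValueError:
            continue  # not an address:port pair we understand
        if addr.version == 4:
            found.add((port, str(addr), f[0]))
        elif addr.ipv4_mapped is not None:
            # Socket bound explicitly to an IPv4-mapped address.
            found.add((port, str(addr.ipv4_mapped), f[0]))
        elif addr.is_unspecified and not bindv6only:
            # "::" wildcard with IPV6_V6ONLY off also accepts IPv4 clients.
            found.add((port, "0.0.0.0", f[0]))
    return sorted(found)

if __name__ == "__main__":
    for port, addr, proto in ipv4_listeners(SAMPLE, system_bindv6only()):
        print(f"{addr}:{port} ({proto})")
```

Because the per-socket option is not visible in netstat, treat the tcp6 wildcard entries as reachable over IPv4 until a connection test from an IPv4 client shows otherwise.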


About phil

My name is Phil Lembo. In my day job I’m an enterprise IT architect for a leading distribution and services company. The rest of my time I try to maintain a semi-normal family life in the suburbs of Raleigh, NC. E-mail me at philipATlembobrothersDOTcom. The opinions expressed here are entirely my own and not those of my employers, past, present or future (except where I quote others, who will need to accept responsibility for their own rants).