Bug#643654: munin-node won't listen on ipv4 addresses after upgrading to libnet-server-perl 0.99-3

Damyan Ivanov dmn at debian.org
Wed Sep 28 18:12:03 UTC 2011 

-=| gregor herrmann, 28.09.2011 19:31:45 +0200 |=-
> and then nothing until (my telnet attempts before):
> 
> 2011/09/28-18:17:45 CONNECT TCP Peer: "::1:32798" Local: "::1:4949"
> Invalid netblock: 127.255.255.255-0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1 at /usr/share/perl5/Net/Server.pm line 849
> 2011/09/28-18:25:32 CONNECT TCP Peer: "2001:15c0:66bc:0:211:11ff:fe92:3e20:33975" Local: "2001:15c0:66bc:0:211:11ff:fe92:3e20:4949"

Could this be related to the way connections are controlled in 
munin-node.conf? I have it via

  allow ^127\.0\.0\.1$
and
  allow ^$munin_server$

Do you use cidr_allow/cidr_deny?
> - Ansgar mentioned sys.net.ipv6.bindv6only on IRC.
> 
>   root at belanna:~# sysctl net.ipv6.bindv6only
>   net.ipv6.bindv6only = 1
> 
>   Oh, and setting it to 0 changes something:
> 
> root at belanna:~# telnet ::1 4949
> Trying ::1...
> Connected to ::1.
> Escape character is '^]'.
> Connection closed by foreign host.
> 
> root at belanna:~# telnet 127.0.0.1 4949
> Trying 127.0.0.1...
> Connected to 127.0.0.1.
> Escape character is '^]'.
> # munin node at belanna.comodo.priv.at
> Connection closed by foreign host.
> 
> So, with net.ipv6.bindv6only = 1 there's no ipv4 connection; with = 0
> ipv4 works.

Good catch. It seems I have 'net.ipv6.bindv6only = 0' in 
/etc/sysctl.d/bindv6only.conf. Not sure where that came from. It is 
quite possible that I have set the value at some point in the past.

Here's some interesting prose from that file:

 # This sysctl sets the default value of the IPV6_V6ONLY socket 
 # option.
 #
 # When disabled, IPv6 sockets will also be able to send and receive 
 # IPv4
 # traffic with addresses in the form ::ffff:192.0.2.1 and daemons 
 # listening
 # on IPv6 sockets will also accept IPv4 connections.
 #
 # When IPV6_V6ONLY is enabled, daemons interested in both IPv4 and 
 # IPv6
 # connections must open two listening sockets.
 # This is the default behaviour of all modern operating systems.

Yeah, right :) But the advise to open two sockets may still be useful.

> And ipv6 works connection-wise in both cases but doesn't
> generate a prompt in my telnet attempt?!

ipv6 is weird, you say? :))
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20110928/1cec185b/attachment.pgp>

More information about the pkg-perl-maintainers mailing list