Netstat not displaying all listening ports when using IPv4 and IPv6

Bug #657270 reported by Michael Warren
This bug affects 5 people
Affects Status Importance Assigned to Milestone
net-tools (Ubuntu)

Bug Description

I am running a machine with both IPv4 and IPv6.

I noticed earlier that when doing a 'netstat -anl4' (or just grepping through 'netstat -an' output) that not all listening IPv4 ports are displayed. Example:

# netstat -anl4 | grep external_ipv4_address | grep 80

Yet, it is definitely listening:

> telnet external_ipv4_address 80
Trying external_ipv4_address...
Connected to external_ipv4_address.
Escape character is '^]'.

It definitely seems like for applications that listen on both IPv4 and IPv6 that only the IPv6 listening socket is displayed, as if they are aggregated together. This is a problem because we can no longer trust netstat to properly display all listening sockets.

I would suggest that netstat always show every port that is listening on both the IPv4 and IPv6 stack. Having more data seems like a good thing here since netstat is the primary tool for determining which ports a machine is listening on.

Distributor ID: Ubuntu
Description: Ubuntu 10.04.1 LTS
Release: 10.04
Codename: lucid

Revision history for this message
Michael Warren (mike-ef) wrote :

After doing more research, I believe this is because Apache is not using the IPV6_V6ONLY flag when it binds to port 80. This allows the IPv6 socket to serve both IPv4 and IPv6 traffic. Since there is technically only one listening socket, this is why netstat only shows the IPv6 socket.

Historically we could use netstat to see exactly what is listening, but in the case of IPV6_V6ONLY, it's entirely possible that an IPv6 socket could handle IPv4 traffic and netstat would never show it.

Here is the README from the netbase package:

# When disabled, IPv6 sockets will also be able to send and receive IPv4
# traffic with addresses in the form ::ffff: and daemons listening
# on IPv6 sockets will also accept IPv4 connections.
# When IPV6_V6ONLY is enabled, daemons interested in both IPv4 and IPv6
# connections must open two listening sockets.
# This is the default behaviour of almost all modern operating systems.

IPV6_V6ONLY is controlled by the sysctl net.ipv6.bindv6only.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in net-tools (Ubuntu):
status: New → Confirmed
Revision history for this message
sandipahire007 (sandipahire007) wrote :

ipv6 to ipv6 rdesktop is possible.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.