DA will listen on all IP families: IPv4 and IPv6 (**Important: FreeBSD**)

Version 1.38


------------------------------------------------- ***IMPORTANT FOR FREEBSD USERS*** FreeBSD 4 and older are not affected. FreeBSD 5 and above are affected By default, the ipv6_ipv4mapping option is not enabled on these FreeBSD versions. What this means is that any service which is using IPv6 to handle both v4 and v6 will only be using v6. Connections to v4 will fail (except smarter applications like apache which have other tricks to bind to each family separately). The FreeBSD team do this because when IPv6 handles both 4 and 6, the service cannot figure out which protocol is being used. Their claim is that if you intend to allow one, but not the other, to filter packets, then it could be a security issue. Since we don't care about what protocol is being used (we want to allow both equally, and a specific protocol is not required to login) we're going to tell the system to turn on the IPv4 mapping to IPv6 IPs (like all other OS's already do by default) The solution, which will be automatically run by the DirectAdmin update on FreeBSD, will run the command: /sbin/sysctl net.inet6.ip6.v6only=0 and set this in the /etc/rc.conf: ipv6_ipv4mapping="YES" When working correctly, the sockstat command will show this: freebsd7-64# sockstat -l | grep direct | head -n1 nobody directadmi 50362 0 tcp46 *:2222 *:* if not, it will show this: freebsd7-64# sockstat -l | grep direct | head -n1 nobody directadmi 50362 0 tcp6 *:2222 *:* we want to see tcp46 in the output, else it's not enabled. Note, DirectAdmin must be restarted after this option is set. Note that the update.sh will do all of this for you.. the Admin shouldn't need to take any action to get this to happen. However, I feel the above information is very important and Admins need to know what's being done, why, and how. ** Report on a system that didn't have IPv6 compiled in, required directadmin.conf option: bind_address= to be added to prevent "Socket error - try again in 30 seconds". *** END FREEBSD *** ------------------------------------------------- *** EDIT for one reported case on Debian *** This is not part of the update, but for this reported case, it was required to make DA work on IPv4: /etc/sysctl.d/bindv6only.conf change: net.ipv6.bindv6only = 1 to net.ipv6.bindv6only = 0 and type: echo 0 > /proc/sys/net/ipv6/bindv6only ------------------------------------------------- The sockets class has been rewritten to support IPv6 IPs. If you system doesn't support IPv6 IPs, DA will realize the socket call failed and will redo the call with the AF_INET family instead of AF_INET6. To check if your DA binary is compiled with IPv6 support, type: [root@server]# cd /usr/local/directadmin [root@server]# ./directadmin o Compiled on 'Redhat CentOS 4.0' Compile time: Feb 16 2011 at 15:49:34 Compiled with IPv6 [root@server]# netstat -lnp | grep 2222 tcp 0 0 :::2222 :::* LISTEN 10905/directadmin [root@server]# and look for the "Compiled with IPv6" text. No text, means it's not setup. You can also confirm with the netstat call. If it's bound to :::2222, then it's IPv6. If it's bound to then it's only IPv4. Binding to IPv6 allows connections on both IPv4 and IPv6. The bind_address should still work fine, however if you're going to use an IPv6 IP to bind to, be sure to use the full format, and not the shorthand format. Note: You do not need to have ipv6=1 for DA to bind to IPv4 and IPv6. DA will do this regardless of the ipv6 setting.

Interested to try DirectAdmin? Get a 30-day Free Trial!