⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.79
Server IP:
41.128.143.86
Server:
Linux host.raqmix.cloud 6.8.0-1025-azure #30~22.04.1-Ubuntu SMP Wed Mar 12 15:28:20 UTC 2025 x86_64
Server Software:
Apache
PHP Version:
8.3.23
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
usr
/
share
/
doc
/
psa-proftpd
/
howto
/
View File Name :
IPv6.html
<!DOCTYPE html> <html> <head> <title>ProFTPD: IPv6</title> </head> <body bgcolor=white> <hr> <center><h2><b>ProFTPD: IPv6</b></h2></center> <hr> <p> ProFTPD has support for IPv6 connections enabled by default. To disable IPv6 functionality at build time, use the proper <code>configure</code> option, <i>e.g.</i>: <pre> $ ./configure --disable-ipv6 ... </pre> To disable IPv6 support at <i>runtime</i>, use the <a href="../modules/mod_core.html#UseIPv6"><code>UseIPv6</code></a> directive in your <code>proftpd.conf</code>: <pre> # Disable IPv6 support UseIPv6 off </pre> The <a href="../modules/mod_core.html#DefaultAddress"><code>DefaultAddress</code></a>, <a href="../modules/mod_core.html#MasqueradeAddress"><code>MasqueradeAddress</code></a>, and <a href="../modules/mod_core.html#VirtualHost"><code><VirtualHost></code></a> directives can take both IP addresses and DNS names as parameters. If IP addresses are used, either IPv4 or IPv6, they work as one expects. Things are more involved when a DNS name is given as a parameter. <p> It is possible for a DNS name to have multiple IP addresses, both <code>A</code> (IPv4) and <code>AAAA</code> (IPv6) records. Thus <code>DefaultAddress</code> and <code><VirtualHost></code> will resolve a DNS name to its addresses; if multiple addresses are found, they will be added automatically. <pre> <VirtualHost localhost> ... </VirtualHost> </pre> on an IPv6-enabled host, would be treated as: <pre> <VirtualHost 127.0.0.1 ::1> ... </VirtualHost> </pre> <b>Note</b> that <code>MasqueradeAddress</code> does <i>not</i> resolve a DNS name to all possible addresses. ProFTPD can only <em>masquerade</em> as one address, and so, if given a DNS name, <code>MasqueradeAddress</code> will use the <i>first</i> IP address returned by the DNS lookup. <p> <b>Known Issues</b><br> <p> <i>Wildcard Sockets</i><br> Various Unix platforms handle wildcard sockets differently with regard to IPv6 address. For example, on Mac OSX, one must configure a virtual host to listen for <i>both</i> the IPv4 and IPv6 wildcard addresses in order to accept both IPv4 and IPv6 connections: <pre> # Listen for all IPv4 AND all IPv6 connections <VirtualHost 0.0.0.0 ::> ... </VirtualHost> </pre> <p> However, on Solaris, binding to an IPv6 address will accept both IPv4 and IPv6 connections to that address automatically. On BSD systems, the behavior is affected by the <code>net.inet6.ip6.v6only</code> <code>sysctl</code> setting; on Linux, it is the <code>net.ipv6.bindv6only</code> <code>sysctl</code> setting. <p> Note that the above are issues only if <a href="../modules/mod_core.html#SocketBindTight"><code>SocketBindTight</code></a> is <em>not</em> enabled, <i>i.e.</i> if wildcard sockets are used. <p> <i>Broken Implementations</i><br> HP-UX 11i has a broken <code>getaddrinfo(2)</code> implementation. To fix this, a patch from HP-UX is needed. See these <a href="http://docs.hp.com/hpux/onlinedocs/T1306-90004/T1306-90004.html">release notes</a> for IPv6 on HP-UX 11i. Alternatively, you can use ProFTPD's fallback implementation by building ProFTPD with the <code>--builtin-getaddrinfo</code> compile option. <p> <i>Badly Parsed DNS names</i><br> Certain DNS names may be handled improperly when IPv6 support is enabled, <i>e.g.</i>: <pre> Allow from .ee </pre> Attempting to start up ProFTPD with a configuration that contains the above line <em>will</em> fail, with the following error being reported: <pre> getaddrinfo '.ee' error: Name or service not known Fatal: Allow: bad ACL definition: '.ee': Success on line 13 of '/path/to/proftpd.conf' </pre> The issue is that ProFTPD's ACL parser has to guess, for a given string, whether the string is for an IP address (either IPv4 or IPv6) or a DNS name, which may or may not contain explicit or implicit glob characters. One of the tests that the ACL parser uses is to see if the string contains any characters that <i>cannot</i> appear in an IPv4 or IPv6 address. If the string has any non-IP address characters, it is treated as a DNS name string, otherwise, it is an IP address string. <p> The range of characters which can appear in an IP address string is: <pre> 0123456789ABCDEFabcdef.: </pre> The string ".ee" contains all characters that are legal in an IP address string; hence why the ACL parser is trying to resolve that IP address, and failing. As a counterexample, ".us" works. <p> One way of working around this issue is to explicitly put glob characters in the string, so that the ACL parser can determine more easily that it is a DNS glob, <i>e.g.</i>: <pre> Allow from *.ee </pre> Note that this issue <b>only</b> applies if IPv6 support is enabled. <p> <hr> <font size=2><b><i> © Copyright 2017 The ProFTPD Project<br> All Rights Reserved<br> </i></b></font> <hr> </body> </html>