Date: Sat, 16 Dec 2006 16:50:40 +0300 From: Boris Samorodov <bsam@ipt.ru> To: "Eugene M. Kim" <freebsd.org@ab.ote.we.lv> Cc: freebsd-gnome@freebsd.org Subject: Re: x11/gdm: default IPv6 disables IPv4 for xdmcp Message-ID: <91640543@srv.sem.ipt.ru> In-Reply-To: <458344E4.8020200@ab.ote.we.lv> (Eugene M. Kim's message of "Fri, 15 Dec 2006 16:59:16 -0800") References: <00614590@srv.sem.ipt.ru> <458344E4.8020200@ab.ote.we.lv>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 15 Dec 2006 16:59:16 -0800 Eugene M. Kim wrote: > Try setting ipv6_ipv4mapping="YES" in /etc/rc.conf and rebooting. > For security reasons, *BSD intentionally breaks RFC 3493 by disabling > IPv4-mapped addresses by default (net.inet6.ip6.v6only=1). (For > example, if one were to block incoming connections from an IPv4 > address 1.2.3.4, one would have to install /two/ firewall rules, one > for IPv4 1.2.3.4 and another for IPv4-mapped IPv6 ::ffff:1.2.3.4). Ah, yes. I've read about it long ago but totally forget it. Thanks for clearification. > Unfortunately, this breaks a number of applications that depend on the > RFC-specified default behavior (v6only=0). GDM is one of them; > Eclipse is another. Re-enabling IPv4-mapped addresses is a quick (and > dirty) fix to the breakage; however, one should be aware of the > security implications of doing this (see above), and take additional > steps to guard the system as necessary. Well, at this case I think that rebuilding gdm was a reasonable solution. > Boris Samorodov wrote: > > Hello All! > > > > > > Way back before gnome-2.14 IPv6 and IPv4 were mutual exclusive. > > Current gdm-2.16.4 behaves the same: > > > > - gdm built with defaults listens only at udp6: > > %netstat -a | grep xdm > > udp6 0 0 *.xdmcp *.* > > > > - disabling IPv6 helps to listen at udp4. WBR -- Boris Samorodov (bsam) Research Engineer, http://www.ipt.ru Telephone & Internet SP FreeBSD committer, http://www.FreeBSD.org The Power To Serve
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?91640543>