Difference between revisions of "IPv6 Server: Internet super daemon (xinetd)"

From OnnoWiki
Jump to navigation Jump to search
(New page: 22.2. Internet super daemon (xinetd) IPv6 is supported since xinetd version around 1.8.9. Always use newest available version. At least version 2.3.3 must be used, older versions can cont...)
 
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
22.2. Internet super daemon (xinetd)
 
 
 
IPv6 is supported since xinetd version around 1.8.9. Always use newest available version. At least version 2.3.3 must be used, older versions can contain remote exploitable security holes.
 
IPv6 is supported since xinetd version around 1.8.9. Always use newest available version. At least version 2.3.3 must be used, older versions can contain remote exploitable security holes.
  
Line 7: Line 5:
 
If you enable a built-in service like e.g. daytime by modifying the configuration file in /etc/xinetd.d/daytime like
 
If you enable a built-in service like e.g. daytime by modifying the configuration file in /etc/xinetd.d/daytime like
  
# diff -u /etc/xinetd.d/daytime.orig /etc/xinetd.d/daytime  
+
# diff -u /etc/xinetd.d/daytime.orig /etc/xinetd.d/daytime  
--- /etc/xinetd.d/daytime.orig Sun Dec 16 19:00:14 2001  
+
--- /etc/xinetd.d/daytime.orig Sun Dec 16 19:00:14 2001  
+++ /etc/xinetd.d/daytime Sun Dec 16 19:00:22 2001  
+
+++ /etc/xinetd.d/daytime Sun Dec 16 19:00:22 2001  
@@ -10,5 +10,5 @@  
+
@@ -10,5 +10,5 @@  
        protocol = tcp  
+
        protocol = tcp  
        user = root  
+
        user = root  
        wait = no  
+
        wait = no  
-      disable = yes  
+
-      disable = yes  
+      disable = no  
+
+      disable = no  
}
+
  }
  
 
After restarting the xinetd you should get a positive result like:
 
After restarting the xinetd you should get a positive result like:
  
# netstat -lnptu -A inet6 |grep "xinetd*"  
+
# netstat -lnptu -A inet6 |grep "xinetd*"  
tcp 0 0 ::ffff:192.168.1.1:993  :::*  LISTEN  12345/xinetd-ipv6  
+
 
tcp 0 0 :::13                  :::*  LISTEN  12345/xinetd-ipv6 <- service
+
tcp 0 0 ::ffff:192.168.1.1:993  :::*  LISTEN  12345/xinetd-ipv6  
¬ daytime/tcp
+
tcp 0 0 :::13                  :::*  LISTEN  12345/xinetd-ipv6 <- service daytime/tcp
tcp 0 0 ::ffff:192.168.1.1:143  :::*  LISTEN  12345/xinetd-ipv6
+
tcp 0 0 ::ffff:192.168.1.1:143  :::*  LISTEN  12345/xinetd-ipv6
  
 
Shown example also displays an IMAP and IMAP-SSL IPv4-only listening xinetd.
 
Shown example also displays an IMAP and IMAP-SSL IPv4-only listening xinetd.
  
 
Note: earlier versions had a problem that an IPv4-only xinetd won't start on an IPv6-enabled node and also the IPv6-enabled xinetd won't start on an IPv4-only node. This is known to be fixed in later versions, at least version 2.3.11.
 
Note: earlier versions had a problem that an IPv4-only xinetd won't start on an IPv6-enabled node and also the IPv6-enabled xinetd won't start on an IPv4-only node. This is known to be fixed in later versions, at least version 2.3.11.

Latest revision as of 15:18, 5 July 2013

IPv6 is supported since xinetd version around 1.8.9. Always use newest available version. At least version 2.3.3 must be used, older versions can contain remote exploitable security holes.

Some Linux distribution contain an extra package for the IPv6 enabled xinetd, some others start the IPv6-enabled xinetd if following variable is set: NETWORKING_IPV6="yes", mostly done by /etc/sysconfig/network (only valid for Red Hat like distributions). In newer releases, one binary supports IPv4 and IPv6.

If you enable a built-in service like e.g. daytime by modifying the configuration file in /etc/xinetd.d/daytime like

# diff -u /etc/xinetd.d/daytime.orig /etc/xinetd.d/daytime 
--- /etc/xinetd.d/daytime.orig Sun Dec 16 19:00:14 2001 
+++ /etc/xinetd.d/daytime Sun Dec 16 19:00:22 2001 
@@ -10,5 +10,5 @@ 
        protocol = tcp 
        user = root 
        wait = no 
-       disable = yes 
+       disable = no 
 }

After restarting the xinetd you should get a positive result like:

# netstat -lnptu -A inet6 |grep "xinetd*" 
tcp 0 0 ::ffff:192.168.1.1:993  :::*  LISTEN  12345/xinetd-ipv6 
tcp 0 0 :::13                   :::*  LISTEN  12345/xinetd-ipv6 <- service daytime/tcp
tcp 0 0 ::ffff:192.168.1.1:143  :::*  LISTEN  12345/xinetd-ipv6

Shown example also displays an IMAP and IMAP-SSL IPv4-only listening xinetd.

Note: earlier versions had a problem that an IPv4-only xinetd won't start on an IPv6-enabled node and also the IPv6-enabled xinetd won't start on an IPv4-only node. This is known to be fixed in later versions, at least version 2.3.11.