From: Chris Hoogendyk (hoogendyk@bio.umass.edu)
Date: Thu Sep 06 2007 - 14:58:32 EDT
I'm getting a little annoyed and frustrated at this. Periodically, I see
connection errors because one of my servers has just "randomly" decided
to use an IPv6 address. I thought I had installed Solaris 9 without it.
And a couple of times I have put in sessions of trying to rout it out,
only to find some time later that there is some remnant of it somewhere.
So, does anyone have any sort of guide on total and complete removal of
IPv6?
Last time I found something else (a week or two ago), it was
/etc/inet/ipnodes, where there was a localhost entry for "::".
In the wee hours of this morning my amanda backups failed (they've been
running for months with no problems). The amanda debug files showed that
an attempt to open an ssh connection had simply dropped the connection.
Looking on the machine it was trying to connect to, I found in the
authlog, "Could not reverse map address ::ffff:172.30.52.128." During
this same brief period (several hours), mail was failing from that
machine and mon was trying to send me messages and couldn't.
So, now I'm doing some more searches, and I find that
/etc/ssh/sshd_config has a line "ListenAddress ::".
But that doesn't explain mail. And it doesn't explain why the other
machine was presenting itself as ::ffff:172.30.52.128
It seems there has to be a clean way of doing this, and it would be good
if it were robust against patching. In other words, if I make changes in
system configuration files and then apply some patches at some point, I
could very well lose those changes. So there ought to be some sort of
firm local configuration that tells the OS once and for all, "don't ever
use IPv6."
All servers concerned are similar base installs of Solaris 9 (the amanda
server, the department server that was the amanda client in question,
and our dns server). Mail is handled on the department server. mon runs
on the amanda server.
The full error in the authlog on the department server was:
Sep 6 00:45:02 marlin sshd[11416]: [ID 800047 auth.info] Could not
reverse map address ::ffff:172.30.52.128.
Sep 6 00:45:02 marlin sshd[11416]: [ID 800047 auth.info] Authentication
tried for amanda with correct key but not from a permitted host
(host=172.30.52.128, ip=172.30.52.128).
A possibly related data point is this summary I found. It mentions a
"SERVFAIL" error, and I just happened to see exactly that error on the
login screen of a Mac in one of our computer labs this morning. Which
may possibly bring things back to my dns server. Nevertheless, the
question is still how to safely and thoroughly remove IPv6.
---------------
Chris Hoogendyk
-
O__ ---- Systems Administrator
c/ /'_ --- Biology & Geology Departments
(*) \(*) -- 140 Morrill Science Center
~~~~~~~~~~ - University of Massachusetts, Amherst
---------------
Erdvs 4
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:42:17 EDT