x11/gdm: default IPv6 disables IPv4 for xdmcp
Boris Samorodov
bsam at ipt.ru
Sat Dec 16 05:49:49 PST 2006
On Fri, 15 Dec 2006 16:59:16 -0800 Eugene M. Kim wrote:
> Try setting ipv6_ipv4mapping="YES" in /etc/rc.conf and rebooting.
> For security reasons, *BSD intentionally breaks RFC 3493 by disabling
> IPv4-mapped addresses by default (net.inet6.ip6.v6only=1). (For
> example, if one were to block incoming connections from an IPv4
> address 1.2.3.4, one would have to install /two/ firewall rules, one
> for IPv4 1.2.3.4 and another for IPv4-mapped IPv6 ::ffff:1.2.3.4).
Ah, yes. I've read about it long ago but totally forget it. Thanks for
clearification.
> Unfortunately, this breaks a number of applications that depend on the
> RFC-specified default behavior (v6only=0). GDM is one of them;
> Eclipse is another. Re-enabling IPv4-mapped addresses is a quick (and
> dirty) fix to the breakage; however, one should be aware of the
> security implications of doing this (see above), and take additional
> steps to guard the system as necessary.
Well, at this case I think that rebuilding gdm was a reasonable
solution.
> Boris Samorodov wrote:
> > Hello All!
> >
> >
> > Way back before gnome-2.14 IPv6 and IPv4 were mutual exclusive.
> > Current gdm-2.16.4 behaves the same:
> >
> > - gdm built with defaults listens only at udp6:
> > %netstat -a | grep xdm
> > udp6 0 0 *.xdmcp *.*
> >
> > - disabling IPv6 helps to listen at udp4.
WBR
--
Boris Samorodov (bsam)
Research Engineer, http://www.ipt.ru Telephone & Internet SP
FreeBSD committer, http://www.FreeBSD.org The Power To Serve
More information about the freebsd-gnome
mailing list