Here are simple steps to disable ipv6 in Debian:
- Comment out anything related to ipv6 in /etc/hosts
- SSH. Ensure AddressFamily inet is set in /etc/ssh/sshd_config. Restart ssh.
- BIND. Ensure listen-on-v6 { none; }; in /etc/bind/named.conf.options. Restart bind9.
- NTP. Ensure -4 option is set in /etc/default/ntp (e.g. NTPD_OPTS='-4 -g'). Restart ntp.
- APACHE2. Ensure Listen 0.0.0.0:80 in /etc/apache2/ports.conf file. Restart apache2.
- RPCBIND (rpc.statd, rpc.mountd). Comment out the appropriate entries in /etc/netconfig:
udp tpi_clts v inet udp - -
tcp tpi_cots_ord v inet tcp - -
#udp6 tpi_clts v inet6 udp - -
#tcp6 tpi_cots_ord v inet6 tcp - -
rawip tpi_raw - inet - - -
local tpi_cots_ord - loopback - - -
unix tpi_cots_ord - loopback - - -
- PostgreSQL 9. Ensure ipv4 in listen_addresses (file /etc/postgresql/9.1/main/postgresql.conf):
# - Connection Settings
listen_addresses = '0.0.0.0'
Comment out lines related to ipv6 (file /etc/postgresql/9.1/main/pg_hba.conf):
# IPv6 local connections:
#host all all ::1/128 md5
Restart postgresql.
- Disable ipv6 in kernel:
echo net.ipv6.conf.all.disable_ipv6=1 \
> /etc/sysctl.d/disableipv6.conf
- Disable ipv6 in kernel modules (file /etc/modprobe.d/aliases.conf):
# alias net-pf-10 ipv6
alias net-pf-10 off
alias ipv6 off
The next time the system boots it will have ipv6 disabled. Let verify it with:
netstat -tunlp
Here is a sample output:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.10.2:53 0.0.0.0:* LISTEN 895/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 895/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 734/sshd
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 895/named
udp 0 0 192.168.10.2:53 0.0.0.0:* 895/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 895/named
Read more about ipv6
here.
Posts
.... But why?
ReplyDeletePractically, you don't need it... thus there is a way get rid of it.
DeleteBecause my ISP does not support it and I hate error messages about it in logs.
DeleteThank your for the post. It helps me solving NTP issue.
ReplyDeleteVery much appreciated. The most straight-forward and concise how-to ever!
ReplyDeleteDisabling Samba IPv6 listener in /etc/samba/smb.conf
ReplyDeleteSet interfaces to your network interface device better than to the IP address:
interfaces = eth0
and bind it:
bind interface only = yes
This is great... but I still have one kernel process listening on a tcpv6 port, and I'm not sure why. Any ideas?:
ReplyDelete# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 889/exim4
tcp 0 0 0.0.0.0:60075 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 445/rpcbind
tcp 0 0 0.0.0.0:58320 0.0.0.0:* LISTEN 460/rpc.statd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 567/sshd
tcp6 0 0 :::40065 :::* LISTEN -
udp 0 0 0.0.0.0:620 0.0.0.0:* 445/rpcbind
udp 0 0 127.0.0.1:637 0.0.0.0:* 460/rpc.statd
udp 0 0 0.0.0.0:39934 0.0.0.0:* 460/rpc.statd
udp 0 0 0.0.0.0:111 0.0.0.0:* 445/rpcbind
root@new [/var/log]
# uname -a
Linux new 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u4 (2016-02-29) x86_64 GNU/Linux
root@new [/var/log]
# cat /etc/issue
Debian GNU/Linux 8 \n \l
Try find out which processes are listening on these ports:
ReplyDeletelsof -iTCP -sTCP:LISTEN
Once you know process id you can find program that is running.