matrix-org / dendrite

Dendrite is a second-generation Matrix homeserver written in Go!
https://matrix-org.github.io/dendrite/
Apache License 2.0

Only listening in proto tcp6? #1798

Closed lpvm closed 3 years ago

lpvm commented 3 years ago

I've set up dendrite-monolith-server and it's running. But as my nginx reverse proxy couldn't find the matrix server, I checked whether port 8008 was open.

sockstat -p 8008

USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     dendrite-monolith-server      16060 16 tcp6   *.http-alt            *.*

In dendrite.yaml I can't find anything related to IPv4 or IPv6 protocols. This is running under NetBSD 9.1.

What is happening?

kegsay commented 3 years ago

Not sure what's happening with your configuration, but it does listen on :8008 by default. You can configure this with -http-bind-address. Closing this, as I'm confident we do listen on IPv4 8008/tcp.

neilalexander commented 3 years ago

This is actually a platform-specific peculiarity. Linux, macOS and Windows will accept IPv4 and IPv6 traffic on an IPv6 wildcard [::] listener, but that behaviour is not so common on BSDs. As per https://man.netbsd.org/inet6.4:

By default, NetBSD does not route IPv4 traffic to AF_INET6 sockets. The default behavior intentionally violates RFC 2553 for security reasons. Listen to two sockets if you want to accept both IPv4 and IPv6 traffic.

In this instance, the best thing to do is to pass a -http-bind-address as @kegsay mentioned, or configure nginx to reverse-proxy to the IPv6 address.
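The portable way around the platform difference described above (and the reason an explicit bind address fixes it) is to stop relying on the kernel to map IPv4 onto an IPv6 wildcard socket and instead open one listener per address family. The following is an added example written for this thread, not Dendrite's own code: `planBinds`, `listenAll` and `serveAll` are hypothetical helpers, and the bind-address format is assumed to be the usual `host:port` string that `net.SplitHostPort` accepts. A wildcard host (`":8008"`) yields a `tcp4` and a `tcp6` listener so the same binary behaves identically on Linux and NetBSD; an IP literal yields exactly the family that was asked for, and a failure to open either socket is reported rather than silently serving only one family.

```go
package main

import (
	"fmt"
	"log"
	"net"
	"net/http"
	"strconv"
	"sync"
)

// bindSpec is one (network, address) pair handed to net.Listen.
type bindSpec struct {
	Network string // "tcp4" or "tcp6"
	Address string // e.g. "0.0.0.0:8008" or "[::]:8008"
}

// planBinds (hypothetical helper) turns a single bind address into the explicit
// per-family listeners that are needed. An empty host means "all interfaces":
// that becomes one IPv4 and one IPv6 listener, because NetBSD (per inet6(4))
// does not route IPv4 traffic to an AF_INET6 wildcard socket the way Linux,
// macOS and Windows do. An IP literal selects exactly one family; hostnames
// are rejected so the listening socket is never chosen by a resolver.
func planBinds(bind string) ([]bindSpec, error) {
	host, port, err := net.SplitHostPort(bind)
	if err != nil {
		return nil, err
	}
	if _, err := strconv.ParseUint(port, 10, 16); err != nil {
		return nil, fmt.Errorf("invalid port %q: %w", port, err)
	}
	if host == "" {
		return []bindSpec{
			{"tcp4", "0.0.0.0:" + port},
			{"tcp6", "[::]:" + port},
		}, nil
	}
	ip := net.ParseIP(host)
	if ip == nil {
		return nil, fmt.Errorf("bind host %q is not an IP literal", host)
	}
	if ip.To4() != nil {
		return []bindSpec{{"tcp4", net.JoinHostPort(host, port)}}, nil
	}
	return []bindSpec{{"tcp6", net.JoinHostPort(host, port)}}, nil
}

// listenAll (hypothetical helper) opens every planned listener. If any one
// fails, the ones already opened are closed and the error is returned, so the
// server never comes up reachable over only one of the two families.
func listenAll(bind string) ([]net.Listener, error) {
	specs, err := planBinds(bind)
	if err != nil {
		return nil, err
	}
	var ls []net.Listener
	for _, s := range specs {
		l, err := net.Listen(s.Network, s.Address)
		if err != nil {
			for _, o := range ls {
				o.Close()
			}
			return nil, fmt.Errorf("listen %s %s: %w", s.Network, s.Address, err)
		}
		ls = append(ls, l)
	}
	return ls, nil
}

// serveAll (hypothetical helper) runs one HTTP server per listener and blocks
// until all of them have stopped, returning the first error seen.
func serveAll(ls []net.Listener, h http.Handler) error {
	var wg sync.WaitGroup
	errs := make(chan error, len(ls))
	for _, l := range ls {
		wg.Add(1)
		go func(l net.Listener) {
			defer wg.Done()
			errs <- http.Serve(l, h)
		}(l)
	}
	wg.Wait()
	close(errs)
	return <-errs
}

func main() {
	// Listening on ":8008" here opens both 0.0.0.0:8008 and [::]:8008, which
	// is what sockstat/ss/netstat should then show on every platform.
	ls, err := listenAll(":8008")
	if err != nil {
		log.Fatal(err)
	}
	for _, l := range ls {
		fmt.Printf("listening on %s\n", l.Addr())
	}
	log.Fatal(serveAll(ls, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "hello via %s\n", r.Host)
	})))
}
```

After starting it, the reporter's own check (`sockstat -p 8008` on NetBSD, `ss -ltnp` on Linux) should list two sockets, one `tcp4` and one `tcp6`, instead of the single `tcp6 *.http-alt` entry seen in the issue.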

lpvm commented 3 years ago

Thanks all. In short, BSDs have a correct behavior and other systems have not. A mention of this case on the documentation would be great for BSD users.

perj commented 3 years ago

Not really the place to argue about this, but the complexity of juggling multiple listening sockets as well as multiple address families can easily add security problems as well, so it's not really that obvious that the BSD behavior is more secure.

Add to that it makes the IPv6 transition more complicated and time consuming, plus that it breaks the specification.

It's not at all obvious that the BSDs are doing the correct thing here IMO.

Sorry, pet peeve.