Re: netstat output
Israel Garcia <igalvarez@gmail.com>> wrote:
>> server:~# netstat -tulp
>> Active Internet connections (only servers)
>> Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
>> tcp 0 0 *:mysql *:* LISTEN 14399/mysqld
>> tcp 0 0 server.domain.:www *:* LISTEN 13109/apache2
>> tcp 0 0 *:ssh *:* LISTEN 1376/sshd
>> tcp 0 0 *:afs3-fileserver *:* LISTEN 14626/haproxy
>> tcp 0 0 localhost:11000 *:* LISTEN 14537/ruby
>> tcp 0 0 localhost:11001 *:* LISTEN 14540/ruby
>> tcp 0 0 *:smtp *:* LISTEN 2146/master
>> tcp 0 0 localhost:11002 *:* LISTEN 14543/ruby
>> tcp 0 0 *:2812 *:* LISTEN 24723/monit
>> tcp6 0 0 [::]:ftp [::]:* LISTEN 26779/proftpd <--tcp6
>> tcp6 0 0 [::]:ssh [::]:* LISTEN 1376/sshd <--tcp6
>> udp 0 0 *:41746 *:* 14626/haproxy
>> udp 0 0 *:45110 *:* 833/collectd
> Maybe you have to disable ipv6
> Some hints are in http://lists.debian.org/debian-user/2009/09/msg00621.html
You have to pass an ipv4-only option to sshd at startup by setting
SSHD_OPTS to "-4" in /etc/ssh to stop ssh listening on ipv6.
If your kernel is old enough to have been compiled with ipv6 as a
module then there are a few ways that you can disable ipv6 by changing
some settings in /etc/modprobe.d/ or in /etc/sysctl.conf.
You will be able to use these methods if
"grep -i ipv6 /boot/config*"
returns
"CONFIG_IPV6=m"
(and not "CONFIG_IPV6=y").
You could also load ip6tables rules to drop all ipv6 traffic.
Reply to: