netstat — why are IPv4 daemons listening to ports listed only in -A inet6?
I have a computer with:
Linux superhost 3.2.0-4-amd64 #1 SMP Debian 3.2.60-1+deb7u3 x86_64 GNU/Linux
It runs Apache on port 80 on all interfaces, and it does not show up in netstat -planA inet, however it unexpectedly can be found in netstat -planA inet6:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp6 0 0 :::5672 :::* LISTEN 2402/beam.smp
tcp6 0 0 :::111 :::* LISTEN 1825/rpcbind
tcp6 0 0 :::9200 :::* LISTEN 2235/java
tcp6 0 0 :::80 :::* LISTEN 2533/apache2
tcp6 0 0 :::34611 :::* LISTEN 1856/rpc.statd
tcp6 0 0 :::9300 :::* LISTEN 2235/java
...
tcp6 0 0 10.0.176.93:80 10.0.76.98:53704 TIME_WAIT -
tcp6 0 0 10.0.176.93:80 10.0.76.98:53700 TIME_WAIT -
I can reach it by TCP4 just fine, as seen above. However, even these connections are listed under tcp6. Why?
By default, if you don’t specify an address for the Apache Listen parameter, it handles ipv6 address using IPv4-mapped IPv6 addresses. You can take a look in Apache ipv6.
The output of netstat doesn’t mean Apache is not listening on an IPv4 address. It’s an IPv4-mapped IPv6 address.
The reason for this is because all IPv4 addresses are also IPv6 addresses. A small range of IPv6 addresses was set aside to be used for one-to-one mapping of IPv4 addresses. For example, the IPv4 address 192.0.2.128 is accessible via the IPv6 address ::ffff:192.0.2.128. This was done so that any applications which support IPv6 only, could still listen on IPv4 addresses.
Note that this can’t be used for an IPv6 address (non-mapped) to talk to an IPv4 address without other things involved, as the IPv4 won’t know how to handle the IPv6 address (you can use NAT, or other solutions though).
Since all IPv4 addresses are represented in IPv6, when asking netstat to list apps using IPv6, you’re also going to get IPv4.
It could represent 10.0.176.93 as ::ffff:10.0.176.93, or even ::ffff:a00:b05d, but the application developers chose to show it as a regular dotted-notation IPv4 address.
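Added example, not part of the original question or answers: a Python audit helper that reads tcp6 rows in the netstat layout shown above, lists the listeners that are also reachable over IPv4, and reports which connections are really IPv4 carried as IPv4-mapped addresses. The sample rows, the function names and the assumption that IPV6_V6ONLY is off (the Linux default, which netstat does not display) are constructed for illustration.

```python
import ipaddress

# Constructed sample in the column layout of the netstat output quoted above;
# the last two rows are made-up variants (documentation addresses).
SAMPLE = """\
tcp6 0 0 :::80 :::* LISTEN 2533/apache2
tcp6 0 0 10.0.176.93:80 10.0.76.98:53704 TIME_WAIT -
tcp6 0 0 ::ffff:a00:b05d:80 ::ffff:10.0.76.98:53700 TIME_WAIT -
tcp6 0 0 2001:db8::1:80 2001:db8::2:40000 ESTABLISHED 2533/apache2
"""

def split_endpoint(endpoint):
    """Split 'addr:port' at the last colon (netstat prints no brackets)."""
    host, _, port = endpoint.rpartition(":")
    return host, port

def wire_family(host):
    """Classify the address of a tcp6 row: wildcard, ipv4-mapped, or ipv6."""
    addr = ipaddress.ip_address(host)
    if addr.version == 4:                 # netstat shortened ::ffff:a.b.c.d
        return "ipv4-mapped", addr
    if addr.ipv4_mapped is not None:      # explicit ::ffff:... form
        return "ipv4-mapped", addr.ipv4_mapped
    if addr.is_unspecified:               # '::' = every local address
        return "wildcard", addr
    return "ipv6", addr

def audit(text):
    """Return (ipv4_reachable_listeners, per-connection families)."""
    listeners, conns = [], []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or f[0] != "tcp6":
            continue
        lhost, lport = split_endpoint(f[3])
        kind, addr = wire_family(lhost)
        if f[5] == "LISTEN":
            # Assumption: IPV6_V6ONLY is off (Linux default), so a '::'
            # listener also accepts IPv4. netstat does not show the flag.
            if kind in ("wildcard", "ipv4-mapped"):
                listeners.append((int(lport), f[6]))
        else:
            conns.append((kind, str(addr), int(lport)))
    return listeners, conns

if __name__ == "__main__":
    print(audit(SAMPLE))
```

When inventorying exposed services, treat every `::` listener in the tcp6 table as an IPv4 listener as well unless the daemon is known to set IPV6_V6ONLY.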