GeoIP module breaks for IPv4 when IPv6 is enabled

Maxim Dounin mdounin at
Fri May 13 20:44:27 MSD 2011


On Fri, May 13, 2011 at 05:05:02PM +0200, Matthias Saou wrote:

> I just enabled IPv6 on some web servers running nginx, and the $geoip_*
> variables all broke for existing IPv4 traffic.
> This seems to be because when not changing the net.ipv6.bindv6only
> sysctl value to 1 on Linux, choosing to "listen [::]:80" has nginx
> automatically work for IPv4 connections, but receiving source IP
> addresses as IPv4-Mapped IPv6 addresses :
> Before the listen change :
> After the listen change : ::ffff:
> Lots of details are in rfc4291, rfc4038 (and surely others), but I
> think that this configuration should be gracefully handled by the GeoIP
> module.
> This was tested with nginx 1.0.2 on Red Hat Enterprise Linux 5 x86_64.

Right now geoip module doesn't support ipv6.  Please note that 
you've not "enabled ipv6" but rather moved your server to ipv6 as 
a whole.

> A workaround is to change net.ipv6.bindv6only to 1 and have two
> different listen directives as "80" and "[::]:80" for all "server"
> sections, but that would be best avoided just to fix this.

The same may be done at nginx level with "listen ... ipv6only=on".

Maxim Dounin

More information about the nginx-devel mailing list