GeoIP module breaks for IPv4 when IPv6 is enabled
mdounin at mdounin.ru
Fri May 13 20:44:27 MSD 2011
On Fri, May 13, 2011 at 05:05:02PM +0200, Matthias Saou wrote:
> I just enabled IPv6 on some web servers running nginx, and the $geoip_*
> variables all broke for existing IPv4 traffic.
> This seems to be because when not changing the net.ipv6.bindv6only
> sysctl value to 1 on Linux, choosing to "listen [::]:80" has nginx
> automatically work for IPv4 connections, but receiving source IP
> addresses as IPv4-Mapped IPv6 addresses :
> Before the listen change : 192.168.38.87
> After the listen change : ::ffff:192.168.38.87
> Lots of details are in rfc4291, rfc4038 (and surely others), but I
> think that this configuration should be gracefully handled by the GeoIP
> This was tested with nginx 1.0.2 on Red Hat Enterprise Linux 5 x86_64.
Right now geoip module doesn't support ipv6. Please note that
you've not "enabled ipv6" but rather moved your server to ipv6 as
> A workaround is to change net.ipv6.bindv6only to 1 and have two
> different listen directives as "80" and "[::]:80" for all "server"
> sections, but that would be best avoided just to fix this.
The same may be done at nginx level with "listen ... ipv6only=on".
More information about the nginx-devel