Gentoo Forums
distccd use both ipv6 and ipv4 simultaneously [solved?]
eccerr0r
Posted: Wed Aug 23, 2017 6:01 pm

I initially thought I should set up my nameserver to return both ipv4 (static private IP) and ipv6 (slaac) addresses. It works fine for ssh, but when using distccd, it seems distccd does not listen to ipv6 addresses when ipv4 is enabled...

The workaround is to set ipv4 addresses only in /etc/distcc/hosts, but is it possible to get distccd to listen (and deny) both ipv4 and ipv6 addresses at the same time?

I do kind of worry that distccd, due to the slaac addresses, will listen to compile requests coming in over the WAN but my router should be blocking all incoming ipv6 packets except those destined to my server, so I think this shouldn't be an issue, though I would imagine I should still specify my ipv6 prefix as a mask (or perhaps use the link local addresses...).

IPV6 doesn't work:
Code:
$ ps ax|grep distccd|head -1
 3744 ?        SN     0:00 /usr/bin/distccd --verbose --no-detach --daemon --port 3632 -N 15 --allow 127.0.0.1 --allow ::1 --allow 10.0.0.0/24

Code:
$ telnet ::1 3632
Trying ::1...
telnet: Unable to connect to remote host: Connection refused
$ telnet ::1 22
Trying ::1...
Connected to ::1.
Escape character is '^]'.
SSH-2.0-OpenSSH_7.5p1-hpn14v12

IPV4 works:
Code:
$ telnet localhost 3632
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.


---

I think I figured it out...sort of.
It looks like distccd does not listen to ipv6 by default. Unlike ipv4, it will not listen to your ports automatically when you allow them. Now unfortunately I have to specify my ipv6 address explicitly on the command line to listen to it, which is very gaudy, and wonder why this is needed for v6 but not v4.
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?

fjeldse
Posted: Tue Aug 29, 2017 7:03 am

This was a while ago, but I had the same problem where I wanted to have more control over distccd than the command line seemed to provide. What I did instead was take advantage of distccd's inetd option to get systemd to socket-activate it on TCP/3632 instead, with ListenStream=3632, BindIPv6Only=both, Accept=true and MaxConnections=15. Obviously you could use (x)inetd as well. One nice thing about using inetd mode is that distccd only runs if there are active clients!

Regarding limiting who can use the server, I added a server firewall rule to only allow access from the local IPv4/6 network (the router filters out stuff like that already too, but defense in depth is good.)

eccerr0r
Posted: Tue Aug 29, 2017 12:59 pm

I was thinking about using the (x)inetd route as a last resort, but dismissed it because it would add a few milliseconds of fork() latency, and from my experience, the slower distccd is, the less useful it is. I might have to figure out how to "fix" this...

Good to know that systemd's inetd path works, I hadn't thought about that (plus I have xinetd running on my systemd box. Department of redundancy department?)
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?

stikonas
Posted: Sat Mar 02, 2019 7:58 pm

Sorry to resurrect an old thread, but I think I've figured out how to do it directly. And it might be useful to those who stumble on this page.

You can simply specify
Code:
--listen ::

Hu
Posted: Sat Mar 02, 2019 10:08 pm

stikonas wrote:
Sorry to resurrect an old thread, but I think I've figured out how to do it directly. And it might be useful to those who stumble on this page.

You can simply specify
Code:
--listen ::

Beware that the shown option listens on wildcard. OP specifically wanted to avoid offering service to WAN-side clients.

Ant P.
Posted: Sun Mar 03, 2019 9:56 pm

distccd still doesn't understand multi-homing or dual-stack as of this post - I just tried various combinations of v4/v6 --listen and it ignores all but the last option. I'm just going to stick with v6.

Hu wrote:
Beware that the shown option listens on wildcard. OP specifically wanted to avoid offering service to WAN-side clients.

True, but distcc will refuse to start without an --allow list anyway so it shouldn't be a problem.
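
Added example, not part of the thread and not distccd's own code: a Python model of the allow-list check that a service bound to `::` with dual-stack enabled has to get right, since IPv4 clients then show up as IPv4-mapped IPv6 addresses. The allow list reuses the networks from the command line in the first post; the `2001:db8::/64` LAN prefix and the function names are assumptions made for illustration.

```python
import ipaddress
import socket

# Networks from the distccd command line in the first post, plus a
# constructed LAN IPv6 prefix (2001:db8::/64 is a documentation range).
ALLOW = [ipaddress.ip_network(n) for n in
         ("127.0.0.1/32", "::1/128", "10.0.0.0/24", "2001:db8::/64")]


def normalize(peer):
    """Drop any %zone suffix and unwrap IPv4-mapped IPv6 addresses."""
    addr = ipaddress.ip_address(peer.split("%", 1)[0])
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped          # ::ffff:10.0.0.7 -> 10.0.0.7
    return addr


def is_allowed(peer, allow=ALLOW):
    """True if the peer falls inside an allowed network of the same family."""
    addr = normalize(peer)
    return any(addr.version == net.version and addr in net for net in allow)


def dual_stack_listener(port):
    """Bind [::]:port with IPV6_V6ONLY off, so one socket serves v4 and v6."""
    s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 0)
    s.bind(("::", port))
    s.listen(15)
    return s


if __name__ == "__main__":
    # Connect over IPv4 loopback to the wildcard IPv6 listener and show
    # how the peer address is reported and how the allow list treats it.
    srv = dual_stack_listener(0)         # port 0: kernel picks a free port
    port = srv.getsockname()[1]
    cli = socket.create_connection(("127.0.0.1", port))
    conn, peer = srv.accept()
    print("peer seen by listener:", peer[0], "allowed:", is_allowed(peer[0]))
    for s in (conn, cli, srv):
        s.close()
```

Without the unwrapping step in `normalize`, an entry such as `10.0.0.0/24` would never match a client reported as `::ffff:10.0.0.7`, so a wildcard listener would reject LAN IPv4 clients that the allow list was meant to admit.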