I'm trying to disable IPv6 completely on my NFS server (Ubuntu 12.04 LTS precise), but still seem to have some IPv6 ports listening as shown when I run netstat -lp:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:60377 *:* LISTEN -
tcp 0 0 *:49115 *:* LISTEN 1744/rpc.mountd
tcp 0 0 *:nfs *:* LISTEN -
tcp 0 0 *:54658 *:* LISTEN 1744/rpc.mountd
tcp 0 0 *:sunrpc *:* LISTEN 450/rpcbind
tcp 0 0 *:55730 *:* LISTEN 709/rpc.statd
tcp 0 0 *:48181 *:* LISTEN 1744/rpc.mountd
tcp6 0 0 [::]:37004 [::]:* LISTEN -
udp 0 0 *:55738 *:* 1744/rpc.mountd
udp 0 0 *:43533 *:* -
udp 0 0 *:43687 *:* 709/rpc.statd
udp 0 0 *:sunrpc *:* 450/rpcbind
udp 0 0 *:615 *:* 450/rpcbind
udp 0 0 localhost:885 *:* 709/rpc.statd
udp 0 0 *:50206 *:* 1744/rpc.mountd
udp 0 0 *:54380 *:* 1744/rpc.mountd
udp 0 0 *:nfs *:* -
udp6 0 0 [::]:46857 [::]:* -
I have disabled IPv6 on a kernel level in /etc/sysctl.d/ipvf-disable.conf:
#disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
And also in /etc/netconfig:
udp tpi_clts v inet udp - -
tcp tpi_cots_ord v inet tcp - -
#udp6 tpi_clts v inet6 udp - -
#tcp6 tpi_cots_ord v inet6 tcp - -
rawip tpi_raw - inet - - -
local tpi_cots_ord - loopback - - -
unix tpi_cots_ord - loopback - - -
After these changes were made, I rebooted and the above netstat output didn't change. The UDP6 and TCP6 ports that are open seem to be kernel ports (hence the lack of PID), and they disappear when I run /etc/init.d/nfs-kernel-server stop.
I found the following bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648635 that matches my issue, but it doesn't seem to have any replies. Am I missing something here, or is this a bug?
EDIT – To clarify, there is code that does not run well with any IPv6 (yes, it's crappy code and it can't be changed easily) as it reads netstat and breaks. Any ideas on how to remove the IPv6 references from netstat would be appreciated.
Best Answer
For the sake of being complete, I managed to get get a workaround for this specific case going by creating a "netstat" shell script that parses IPv6 out of the existing netstat and feeding the application an alternative PATH including this script.
NOTE - This is obviously not a good idea as a permanent fix, but with no better option open to me it seemed to work.