forwarding *some* web traffic to a virtual machine

Christopher Browne cbbrowne-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Thu Sep 9 04:29:50 UTC 2010


On Thu, Sep 9, 2010 at 12:14 AM, D. Hugh Redelmeier <hugh-pmF8o41NoarQT0dZR+AlfA at public.gmane.org> wrote:
> Next step: programs query for AAAA records as well as A records and
> use the IPv6 in preference to the IPv4 address.  I don't remember but
> I think that the resolver may already provide such a capability.  This
> step could be merged into the previous one.

My bit of "network debugging" of the week roughly involved this...
No AAAA records involved, but IPv6 policy...

Someone was installing an internal app on their MacOS system, and was
having database authentication issues.

What apparently happened was that they were accessing the database on
"localhost," which I'd expect to be 127.0.0.1.  DB 'firewall rules'
(for those that care about the details, the Postgres "pg_hba.conf"
file controls Host Based Authentication policies) have traditionally
been set up based on IPv4.

There wasn't a rule for the IPv6 "localhost," so behaviour reverted to
a "deny access" default.  Add an IPv6 rule, and all's happy.

What was rather interesting was that the system (e.g. - instance of
MacOS) was clearly preferring to try to use IPv6 *first.*

That's a nice policy to have around; it certainly makes it easy to
validate what things fall over in an IPv6-leaning world.

The developer commented that they thought they could shut off IPv6.
I'd personally rather that we get the opportunity to see when there *are*
clashes.
-- 
http://linuxfinances.info/info/linuxdistributions.html
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
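
The failure described in the message above can be checked for ahead of time. The following is an added example, not part of the original post: it evaluates a pg_hba.conf against each address "localhost" resolves to, using first-match semantics on the address column only. The sample file is constructed, the function names are hypothetical, and the database and user columns are assumed to match.

```python
import ipaddress
import socket

# Constructed sample: an IPv4-only pg_hba.conf like the one described above.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS             METHOD
local   all       all                       md5
host    all       all   127.0.0.1/32        md5
host    all       all   10.0.0.0 255.0.0.0  md5
"""
HOST_TYPES = {"host", "hostssl", "hostnossl"}

def host_rules(hba_text):
    """Yield (network, method) for TCP rules that carry a literal address."""
    for raw in hba_text.splitlines():
        f = raw.split("#", 1)[0].split()
        if len(f) < 5 or f[0] not in HOST_TYPES:
            continue
        if f[3] == "all":  # matches every address in both families
            yield ipaddress.ip_network("0.0.0.0/0"), f[4]
            yield ipaddress.ip_network("::/0"), f[4]
            continue
        try:
            if "/" in f[3]:  # CIDR form
                yield ipaddress.ip_network(f[3], strict=False), f[4]
            else:  # "address netmask" form: method is the field after the mask
                yield ipaddress.ip_network(f"{f[3]}/{f[4]}", strict=False), f[5]
        except (ValueError, IndexError):
            continue  # host names, samehost, samenet: not evaluated here

def first_match(hba_text, addr):
    """Auth method of the first rule covering addr, or None (implicit reject)."""
    ip = ipaddress.ip_address(addr)
    for net, method in host_rules(hba_text):
        if net.version == ip.version and ip in net:
            return method
    return None

def localhost_order(name="localhost", port=5432):
    """Addresses the local resolver returns for name, in the order given."""
    infos = socket.getaddrinfo(name, port, type=socket.SOCK_STREAM)
    # Drop any IPv6 scope suffix (e.g. "%lo0") and de-duplicate, keeping order.
    return list(dict.fromkeys(i[4][0].split("%")[0] for i in infos))

if __name__ == "__main__":
    for addr in localhost_order():
        print(addr, "->", first_match(SAMPLE_HBA, addr) or "no rule: rejected")
```

On a host that lists ::1 first for "localhost", the sample file reports no rule for that address; appending a `host all all ::1/128 md5` line closes the gap.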




