Problem: Most services are binding to an ipv6 port rather than ipv4. I see this for puppet, foreman-proxy, etc. We are not using ipv6. How do I change the bindings?
Expected outcome: All services bind with ipv4 ports.
Our services usually bind to *. Usually that’s implemented by binding to ::. There is a sysctl bindv6only to make :: IPv6-only, but that’s not the default. By default :: is binding to both IPv4 and IPv6. If you use bindv6only=1 you are on your own. There are advanced parameters to tune the exact binds, but IPv4-only is the opposite direction of where we are heading.
If you want to bind to IPv4, you’re on your own for that. We test our envs in setups where there is only IPv4 connectivity and that works while binding to ::. If the problem is you can’t connect, that may be a different matter. In that case you need to provide more context about what you’re doing and your environment.
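The dual-stack behaviour described in the reply above, as an added example that is not part of the original thread or of Foreman's code: a listener bound to `::` is reached over IPv4 loopback, once with the per-socket `IPV6_V6ONLY` option off (what `bindv6only=0` gives by default) and once with it on. It assumes a Linux host with IPv6 support in the kernel; the function name and the ephemeral port are choices made for this illustration.

```python
import socket


def ipv4_connect_to_v6_wildcard(v6only: bool):
    """Listen on [::] and connect to it over IPv4 loopback.

    Returns the peer address the listener sees, or None when the
    IPv4 connection is refused because the socket is IPv6-only.
    """
    srv = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    try:
        # IPV6_V6ONLY is the per-socket form of the bindv6only sysctl:
        # 0 = accept IPv4 and IPv6 on "::", 1 = IPv6 only.
        srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, int(v6only))
        srv.bind(("::", 0))  # port 0: kernel picks a free ephemeral port
        srv.listen(1)
        port = srv.getsockname()[1]

        cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        cli.settimeout(2)
        try:
            cli.connect(("127.0.0.1", port))
        except ConnectionRefusedError:
            # Nothing is listening on the IPv4 side of this port.
            return None
        else:
            srv.settimeout(2)
            conn, peer = srv.accept()
            conn.close()
            # An IPv4 client shows up as an IPv4-mapped IPv6 address.
            return peer[0]
        finally:
            cli.close()
    finally:
        srv.close()


if __name__ == "__main__":
    print("dual-stack ::  ->", ipv4_connect_to_v6_wildcard(v6only=False))
    print("IPv6-only  ::  ->", ipv4_connect_to_v6_wildcard(v6only=True))
```

A listener that shows up only under `::` in socket listings can therefore still serve IPv4 clients; when it does accept locally but remote clients cannot connect, the host firewall is the next thing to check.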
What I mean is that there is no ipv4 port 80 listening for httpd for example. So, I can’t reach the gui with a web browser. I’m going to re-kick and re-install with adding code to disable ipv6. Will see if that fixes it.
I’m going to blame firewalld. That is normally disabled. So, I did not even think to look there. I re-kicked and added code to disable ipv6. I could see the ports up and listening, but still could not connect. So, I tried systemctl is-enabled firewalld and got back enabled. So, I ran some commands to enable satellite and ntp through firewalld and re-checked the connection. It is now connecting.
I love this tool. The moment I started using firewalld I almost forgot how ugly iptables is, and with few exceptions, I never had to write an iptables rule anymore. For regular servers, you usually only need to assign interfaces into zones, add a few services or ports and that’s all.