Security

How to solve issue of Splunk Mobile Access Server only running on IPv6 and not being reachable over IPv4 with our CentOS Machine?

simonmaas
Explorer

Hello Splunk Team,

we have installed the Splunk Mobile Access Server on an CentOS v7 Machine.

Now we have the problem, that the splunk-mobile-server runs only on IPv6 and isn't reachable over IPv4 which is recommended for us.

sudo lsof -i -P | grep -i "listen" 

returns only:

Splunkm   5166    root   16u  IPv6  50393      0t0  TCP *:443 (LISTEN)

Do you know if it's a problem with our CentOS installation (Ports and FIrewall have been checked, 443 is closed for IPv4) or is it possible to solve this with a setting? Unfortunately, we couldn't find any settings in one of the .conf files.

Thank you very much,

Simon Maas (DextraData)

0 Karma
1 Solution

sni_splunk
Splunk Employee
Splunk Employee

Splunk mobile access server should run on top of IPv6 too and typically this is not a big deal. In mobile access server v1.0.1 or before, we don't provide an option to bind the server to a specific address and the server will bind to a port (443 in this case) for all available network interfaces.

Can you list all your network interfaces in your system available by running the following command?

ifconfig -a

It is probably your network interfaces have both IPv6 and IPv4 addresses, and IPv6 is preferred over IPv4 in your OS so mobile access server binds and listens to an IPv6 address instead of an IPv4 address. But I am far from an IPv6 expert, could you try the following options to see if any of them works for you:
1) configure CentOS to prefer IPv4 over IPv6
2) or disable IPv6 stack in CentOS
For example, you may try some methods here: http://www.reddit.com/r/CentOS/comments/2ms64x/disable_ipv6_stack_in_centos_7/

View solution in original post

sni_splunk
Splunk Employee
Splunk Employee

Splunk mobile access server should run on top of IPv6 too and typically this is not a big deal. In mobile access server v1.0.1 or before, we don't provide an option to bind the server to a specific address and the server will bind to a port (443 in this case) for all available network interfaces.

Can you list all your network interfaces in your system available by running the following command?

ifconfig -a

It is probably your network interfaces have both IPv6 and IPv4 addresses, and IPv6 is preferred over IPv4 in your OS so mobile access server binds and listens to an IPv6 address instead of an IPv4 address. But I am far from an IPv6 expert, could you try the following options to see if any of them works for you:
1) configure CentOS to prefer IPv4 over IPv6
2) or disable IPv6 stack in CentOS
For example, you may try some methods here: http://www.reddit.com/r/CentOS/comments/2ms64x/disable_ipv6_stack_in_centos_7/

jhillenburg
Path Finder

I disabled the IPv6 stack on CentOS 7 using their recommended method and verified that it is disabled using sysctl -p. Even after this, Splunk Mobile does not respond to external queries. Note that the firewall is disabled as well. This is a stock, basic CentOS 7 install using the wizard and no funny options.

0 Karma

simonmaas
Explorer

Thank you very much! That was the right Hint.
As the solution we configured the machine to prefer IPv4 over /etc/gai.conf (Last comment from your Link).

jhillenburg
Path Finder

What did you use for your /etc/gai.conf? This is what I entered, and no joy.

label::1/128    0
label  ::/0          1
label  2002::/16     2
label ::/96          3
label ::ffff:0:0/96  4
precedence  ::1/128       50
precedence  ::/0          40
precedence  2002::/16     30
precedence ::/96          20
precedence ::ffff:0:0/96  100
#precedence ::ffff:0:0/96  10
0 Karma

simonmaas
Explorer

Hello jhillenburg, sorry for my late answer, I hahave had some time off.

Yes exactly that solved the issue in our case (CentOS 7 x64 minimal).
Unfortunately the machine has been replaced with the new Spllunk Mobile Server 2 in the mean time. So I can't reproduce the complete configuration for you.

Greets, SImon Maas

PS: If you can't solve it this way or internal configuration, you could try to offer the Machine just IPv4 from your environment.

0 Karma

jhillenburg
Path Finder

I am seeing this exact same behavior, and am also running on CentOS 7.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...