'Last IP address' being prefixed by '::ffff:'

AstonJ · May 11, 2018, 1:03pm

This appears to have started recently - if you go to a user’s profile > admin - their last IP address is shown as prefixed with ::ffff: (and so when you do an ip lookup it does not work).

codinghorror · May 11, 2018, 2:11pm

No repro here on meta.

AstonJ · May 11, 2018, 2:45pm

Could this be related:

I did add a record to allow IPv6 recently, so could that be it? Do you have IPv6 enabled here?

codinghorror · May 11, 2018, 7:19pm

This (meta) is running on AWS as a dogfooding experiment, so it is possible it is not, because as I understand it AWS doesn’t use ipv6 at all… but we’d need to ask @mpalmer

Falco · May 11, 2018, 8:39pm

Meta is now fully IPv6 compatible.

AstonJ · May 12, 2018, 12:00am

Nice! Were you getting the ::ffff: problem too?

Falco · May 12, 2018, 12:09am

It looks just fine for me:

I bet a beer you use a reverse proxy and not vanilla Discourse with only the internal nginx

AstonJ · May 29, 2018, 4:07pm

Sorry only just coming back to this. Yes I use HAProxy on the front

Do I need to do anything special on the Discourse side to enable IPV6?

On the HAProxy side I believe I have changed everything I need to, specifically:

bind *:80
to
bind :::80 v4v6

and

bind *:443 ssl crt /etc/haproxy/certs/
to
bind :::443 v4v6 ssl crt /etc/haproxy/certs/

On http://ready.chair6.net everything passes except for:

IPv6 Connectivity - FAIL - Could not connect (to site) on port 443 over IPv6.

Any idea what I might be missing?

supermathie · May 29, 2018, 4:21pm

Try instead using two lines as follows:

bind *:80
bind :::80 

bind *:443 ssl crt /etc/haproxy/certs/
bind :::443 ssl crt /etc/haproxy/certs/

AstonJ · May 29, 2018, 5:06pm

Hi Michael, updated to:

  #bind *:80
  #bind :::80 v4v6
  #bind *:443 ssl crt /etc/haproxy/certs/
  #bind :::443 v4v6 ssl crt /etc/haproxy/certs/
  bind *:80
  bind :::80 
  bind *:443 ssl crt /etc/haproxy/certs/
  bind :::443 ssl crt /etc/haproxy/certs/

But I’m still getting the same thing. Here’s the full report in case it helps.

supermathie · May 29, 2018, 5:08pm

fe80::6e62:6dff:fe46:abf9 is a link-local address, only intended to be used by a machine on the same broadcast domain as the server. Nothing else on the Internet will ever be able to connect to it.

Does the server have a “real” IPv6 address (such as something starting with a 2)?

AstonJ · May 29, 2018, 5:31pm

Awesome - fixed! (I needed to change my server from IPv6 discovery to Static configuration and add the range manually.)

Thanks for your help

system · December 25, 2020, 3:36am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Inconsistent / missing registration & last IP support	15	1243	April 29, 2023
Remote users IPV6 address shows as localhost support	30	4395	September 13, 2020
Last IP shows Reverse Proxy IP address support	6	2174	October 8, 2022
Add IP info lookup for Admins feature rfc , spec	24	8055	September 8, 2014
Last IP address and action_dispatch.trusted_proxies support	8	4058	March 7, 2019

'Last IP address' being prefixed by '::ffff:'

Related Topics