Home / server / Questions / 810688
Accepted
miloske85
Asked: 2016-10-23 11:44:55 +0800 CST

Elastic Search listening only on IPv6 [CentOS]

  • 772

I've installed Elastic Search 1.7.4 on CentOS 7.2 this way:

wget https://download.elastic.co/elasticsearch/elasticsearch/elasticsearch-1.7.4.noarch.rpm
sudo rpm -ivh elasticsearch-1.7.4.noarch.rpm

The service is started and ES works (verified with curl), however, it only listens to IPv6 with default configuration. netstat -na gives me the following:

tcp6       0      0 :::9200                 :::*                    LISTEN     
tcp6       0      0 :::9300                 :::*                    LISTEN

Using nmap from other servers I see that ports 9200 and 9300 are filtered, firewall is disabled.

Editing /etc/elasticsearch/elasticsearch.yml and setting:

network.bind_host: 0.0.0.0

doesn't change anything. Setting this to the external IPv4 address of the server does add the additional two entries in netstat -na output, but I need ES to be accessible to my local network, so this is useless and netstat still registers this as tcp6.

tcp6       0      0 192.168.0.54:9200       :::*                    LISTEN     
tcp6       0      0 192.168.0.54:9300       :::*                    LISTEN

setting:

network.bind_host: _eth0:ipv4_

Causes ES to bind to the local IPv4 and then it is of course only available from the local server. Omitting the "ipv4" part causes ES to bind to IPv6 address of the NIC.

How do I enable ES to bind to IPv4? I have no alternative, my network is IPv4 only and I have to use this old version of ES because I'm running some applications that require this version.

centos7 elasticsearch

3 Answers

  1. Best Answer

    From unix exchange.

    This is happening because by default, AF_INET6 sockets will actually work for both IPv4 and IPv6. See section 3.7 - Compatibility with IPv4 Nodes of RFC 3493 - Basic Socket Interface Extensions for IPv6

    But as you've figured out, firewalld is enabled out of the box.

    create this file to your /etc/firewalld/services/elasticsearch.xml

    <?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Elasticsearch</short>
  <description>Elasticsearch is a distributed, open source search and analytics engine, designed for horizontal scalability, reliability, and easy management.</description>
  <port protocol="tcp" port="9300"/>
  <port protocol="tcp" port="9200"/>
</service>

    Update permissions

    chmod 0400 /etc/firewalld/services/elasticsearch.xml
chown root: /etc/firewalld/services/elasticsearch.xml

    Run these commands

    firewall-cmd --zone=public --add-service=elasticsearch --permanent
firewall-cmd --reload
    • 7

  2. This is a common pitfall with ES, because there are two network settings that need to be set: network.bind_host AND network.publish_host. Because of this, the ES devs have added this shortcut:

    network.host: 0.0.0.0

    I've had some other problems with ES when IPv6 was enabled but not configured so you might want to edit the sysctl.conf:

    net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

    And do sysctl -p.

    • 2

  3. Try disabling the firewall that comes pre packed with centos 

    systemctl disable firewalld
systemctl stop firewalld

    https://bytefreaks.net/gnulinux/how-to-startstop-or-enabledisable-firewalld-on-centos-7

    I recommend a dedicated hardware firewall in front of the machine, I would NOT rely on a software firewall on the machine you are using. If an attacker is hitting the machine, it's already too late.

    • -2