we are using an API from a company for doing payments on our system. this company can accept only IP v4 from the user. it means if the user with IP v6 goes to the last payment step, and starts to pay with his/her credit card, the company does not accept it and payment will be failed.
my question is: is there any way to convert or change the user IPv6 to IPv4 in the last step? for example something like a proxy or something else.
I know that IP v6 and IP v4 have different mutually incompatible network addressing schemes. but is there any way to handle this process that converts or changes it by proxy or something?
There is no way to "convert" an IPv6 to an IPv4 address.
There's 2^128 IPv6 addresses in the world (that's a number with 38 digits) but only 2^32 (4 billion) IPv4 addresses. There's ways to write an IPv4 address as an IPv6 address (1.2.3.4 == ::ffff:1.2.3.4 or ::ffff:102:304), but that's still an IPv4 address.
Also, there is no requirement that a client even has to have both IP versions. There could be a client that only has IPv4 (no IPv6), and there could be a client that only has IPv6 (no IPv4).
If the payment company is stuck in the past and only supports IPv4 for the payment transactions, I would recommend finding a new payment company. Do they have any support articles regarding IPv6 support? Did you contact their support and asked for suggestions?
Or is it that the company supports IPv6 just fine and your application doesn't? Then I'd suggest making your website support IPv6.
Related
As far as i know what we get from a dns query is a ip address. So in the end of the day if thats true we are still using ip addresses to connect the server and domains are pretty names for them.
So how does a server know which domain i used to query that ip address?
How does vhosts work an understand that if the domain data is lost during dns query?
The Internet works in layers. Each layer uses different kind of parameters to do its work.
Layer 3 is typically IP aka Internet Protocol. To work it uses IP addresses, each computer has at least one to be able to discuss with another one. And there are two families in fact: version 4 and version 6.
Since multiple services can be on any given computer at some point, you need a layer on top of that, layer 4, that deals with transport. The "predominant" one is TCP aka Transport Control Protocol, but there is also UDP. TCP and UDP uses ports: a 2 bytes integer that encodes for a specific protocol.
For example, HTTP was given port number 80 (completely arbitrary), and HTTPS port 443.
The DNS, which itself uses UDP and TCP (on port 53), allows, among other things, to map a given hostname to a given IP address or multiple IP addresses. This is the typical A and AAAA records. There is also a CNAME record that maps one domain name to another. There also exists a SRV record that maps a service (which is a protocol name + a transport) to a given hostname and port number.
When one computer connects to another, its first step for all the above is to find out which IP address to use to connect to. It can use the DNS for that. Typically it will get only the IP address, but, depending on the protocol (layer above 4), may also get a port (if using SRV records).
The HTTP world does not use SRV records. So a browser just uses the hardcoded 80 or 443 ports, or the port number appearing in the URL.
Then we are at the transport level, let us say TCP.
The connection is done (since now the remote IP address and port are known) and the protocol above TCP, like HTTP, is free to convey any kind of extra data, such as the hostname that the client initially used (as taken from the URL) to find out the IP address.
This is done through the HTTP host header, see RFC 2616
Note that if you do things through TLS (which conceptually sits between TCP and HTTP) there is even something else happening: SNI or Server Name Indication.
When doing the TLS handshake, so before any kind of HTTP headers or content, the client will send the final hostname desired in some specific TLS message. Why? So that the server can find which specific certificate it should answer which as otherwhise it would not be able to know which hostname is requested as this sits in some HTTP header which do not exist until the TLS handshake is finished.
A webserver will be able to see both the SNI content to find out which certificate to send back and then the host header to find out which VirtualHost (in Apache) section is relevant to the query being processed.
If you are not in HTTP world, then it all depends on the protocol used. Older protocols, like FTP, did not plan for "multihoming" at the beginning, a given IP address meant only one hostname and service for example.
I have 3 devices each of them have Mosquitto broker running on them. Each of this device has subscriber and publisher.
I am using IP of each device to open port at 8883 and exchange messages --> subscribe/publish their messages. If the case happens to be that devices use dynamic IP., How can I publish new IP-PORT address to its clients that are already connected? How to tackle this problem. Is my approach correct? Is there any other way I can create my own private IP-PORT address to the broker?
Your broker needs to be reachable at a known location, be that fixed IP address or a DNS entry that points to it's current IP address.
Any clients connected at the time the IP address changes will be disconnected and will need to reconnect.
You've not said if these are all on the same LAN or spread across the internet, but either way you need some sort of dynamic DNS solution.
If the devices are all on the same LAN then you can use Avahi/mDNS/Bonjour to discover the current address of the device in the .local domain. Each broker will need to have a unique name.
If you are in a none lan environment then you will need to use a proper Dynamic DNS solution and have each broker have a unique fully qualified DNS name that the host machine can update when ever it's IP address changes.
Both of these solutions are more network admin solutions than programming questions so I suggest you ask on SuperUser if you have follow up questions.
There is a 3rd option, which is to have a 4th broker on a fixed IP address that acts as a central bridge for all the other brokers.
I am now maintaining a piece of code that has a warning not to use the value 0 or 255 in an IP address for hosts.
Can someone help and shed some light on the restriction, if any, on IP address for host? It is mandatory to backup the info from a trusted source.
I found a few sources around the internet but non are official or trusted enough.
The most reliable info I found until now is located at RFC1123 section 2.5 and here at the IANA IPv4 Address Space Registry.
Back in the days of Class A, B, and C addresses, a class C address that ended in .0 referred to the entire subnet, and .255 was the broadcast address for the subnet. So these addresses couldn't be used for individual hosts.
However, address classes became obsolete decades ago, when Classless Inter-Domain Routing (CIDR) was developed to make more efficient use of IP addresses. This is described in RFC 4632. The general idea is that each network has an explicit subnet mask, which need not exactly match octet boundaries in IP addresses. So the assumption that .0 and .255 are the network and broadcast addresses is no longer valid.
I don't know which software / library you're using, but I vaguely remember reading this a few years ago about IP address schemes of days long past. In any way, today there's no such rule.
I am developing a website by using ASP.NET. I want to implement login authentication for my users. I want to implement password authentication delay if user enters wrong password frequently.
So I have field to store IPV4 address to identify the user's IP. Currently I am using unsigned int field to store the IPV4 addresses.
So my question for you is What about the IPV6 addresses? Do I need to worry about IPV6 addresses? Currently I have no data field to store IPV6 addresses.
Do I need to modify my web application to identify the IPV4 and IPV6 addresses?
Is IPV6 is practically using?
Yes you need to be able to handle IPv6 addresses. More and more ISPs are already offering IPv6 connectivity (30% of Belgium is on IPv6, certain mobile providers in the us are > 50% IPv6 etc). That your users will be able to connect over IPv6 is almost a certainty for any website you build today.
How to store the addresses is a different question. Some databases (like e.g. PostgreSQL) have special field types for storing IPv4/v6 addresses. If possible use those. Storing them as an integer isn't very practical unless you have native support for 128 bit integers. Storing them as text is possible. IPv6 addresses should be written following the rules of RFC 5952. Most library functions giving a text representation of an IPv6 address should output following these rules so you shouldn't need to implement anything yourself.
Also remember that with IPv6 a user has many many IPv6 addresses available. With IPv4 they usually use NAT and a whole network will appear as a single address. With IPv6 every device has one or more global addresses. A single LAN is usually a /64 (first 64 bits stay the same, last 64 bits can be used by devices) so you might want to take that into account when determining your rate limiting.
I'm adding GeoIP tracking to WCF Web Service using MaxMinds' GeoIP Lite Country. All works well for their IPv4 database but they don't give any samples to calculate an IPv6 IP Number. I've contacted them and they said to use a search engine.
Anyone have a sample they're willing to share? Any language will do.
Its not a duplicate question per se, but from here:
There is no IPv4 to IPv6 mapping that
is meaningful. things like 0.0.0.0 and
127.0.0.1 are special cases in the spec, so they have equivalent meaning.
But given an IPv4 address it tells you
nothing about what its specific IPv6
address would be. You can use a DNS
lookup to see if a given IP address
resolves to a host which in turn
resolves to an IPv6 address in
addition to an IPv4 address, but the
DNS server would have to be configured
to support that for the specific
machine.