Logging the outgoing port for IPV4

Draconar asked:

I need to become an IPV4 and IPV6 expert in a couple of hours.

Our company is being bullied by the internet legislator in our country to move fast to offer the site in IPV6 only (we are just content providers, not a ISP or the like)

The demand that the internet legislator here in Brazil is making upon us is that by sticking to IPV4 we wont be able to offer the Justice system enough information on certain users (when probed) once IPV6 is fully operational. That is certainly bogus.

But what is not bogus and can affect us is the following attribution they are impinging upon us:

That by sticking to IPV4 we are going to log the IP address from all the users + the OUTGOING port they got from their ISPs. Is that info even available in the IP protocol? They tell us that when the ISPs start to use NAT to give the same address to a group of users, we will need the outgoing port to uniquely identify these people.

Another question is: when someone gets out of their ISP using IPV6 will they be able to reach our old IPV4 website?

My answer:


Yes, you can log the remote port number for incoming HTTP connections.

For instance, with Apache, you would add %{remote}p to your CustomLog to log the remote port number.

With nginx, the remote port number is in $remote_port which you can add to your log_format.

Remember when you change the log format, you also need to adjust any tools that you use to parse the logs.

As for IPv6, the usual thing for content providers (and everyone else) is to run dual-stack, i.e. serve content on both IPv6 and IPv4. You should have already pressured your data center to provide you with IPv6 service and deployed it on your web site. If they won’t give it to you, consider moving your site to some provider who will.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.