Re: tcpip-forward requests and bind addresses

To: Niels Möller <nisse%lysator.liu.se@localhost>
Subject: Re: tcpip-forward requests and bind addresses
From: Jeffrey Hutzelman <jhutz%cmu.edu@localhost>
Date: Thu, 17 Feb 2005 16:11:05 -0500

On Thursday, February 17, 2005 09:31:04 PM +0100 Niels Möller<nisse%lysator.liu.se@localhost> wrote:

Jeffrey Hutzelman <jhutz%cmu.edu@localhost> writes:

We should be careful to specify exactly what we mean by "localhost",
"127.0.0.1", and "::1".  Do we mean that the ssh server should bind to
the loopback address, or that it should listen on all loopback
interfaces, regardless of address?


As for IPv6, my reading of RFC3513 is that ::1 is the only localhost
address. One may be able to set up routing for other addresses so that
they behave the same way ::1, but I don't think that's anything an ssh
implementation should be required to know about. For IPv6, "localhost
interface" = "localhost address" = "::1" seems to be consistent with
the referenced RFC, so I don't think there's any ambiguity.

No; you're making the same mistake of confusing an interface with anaddress. I believe that ::1 is the only loopback address; that is, it isthe only address that means "the same machine".

A loopback _interface_ is one for which traffic sent on that interface isonly received on that interface. Several operating systems allow thecreation of multiple of these, and you can assign them whatever address youwant and they still behave the same way. In some cases you can play gameslike setting up a loopback interface with a routable address, which is thenreachable via TCP from outside the machine, even though it is not theaddress of any of the machine's physical interfaces.

This _does_ happen, and it has nothing to do with what network protocolyou're running. We had to work around this in AFS, to avoid advertisingaddresses of loopback devices.

I think we want to be clear that if the client says to listen on'localhost', the server SHOULD NOT listen on non-loopback addresses justbecause they happen to be the configured addresses of loopback interfaces.


-- Jeffrey T. Hutzelman (N3NHS) <jhutz+%cmu.edu@localhost>
  Sr. Research Systems Programmer
  School of Computer Science - Research Computing Facility
  Carnegie Mellon University - Pittsburgh, PA

Follow-Ups:
- Re: tcpip-forward requests and bind addresses
  - From: Niels Möller

References:
- tcpip-forward requests and bind addresses
  - From: Darren Tucker
- Re: tcpip-forward requests and bind addresses
  - From: Niels Möller
- Re: tcpip-forward requests and bind addresses
  - From: Darren Tucker
- Re: tcpip-forward requests and bind addresses
  - From: Chris Lonvick
- Re: tcpip-forward requests and bind addresses
  - From: der Mouse
- Re: tcpip-forward requests and bind addresses
  - From: Darren Tucker
- Re: tcpip-forward requests and bind addresses
  - From: der Mouse
- Re: tcpip-forward requests and bind addresses
  - From: Niels Möller
- Re: tcpip-forward requests and bind addresses
  - From: Chris Lonvick
- Re: tcpip-forward requests and bind addresses
  - From: Chris Lonvick
- Re: tcpip-forward requests and bind addresses
  - From: Niels Möller
- Re: tcpip-forward requests and bind addresses
  - From: Chris Lonvick
- Re: tcpip-forward requests and bind addresses
  - From: Jeffrey Hutzelman
- Re: tcpip-forward requests and bind addresses
  - From: Niels Möller

Prev by Date: Re: tcpip-forward requests and bind addresses
Next by Date: Re: tcpip-forward requests and bind addresses
Previous by Thread: Re: tcpip-forward requests and bind addresses
Next by Thread: Re: tcpip-forward requests and bind addresses
Indexes:

Home | Main Index | Thread Index | Old Index