IETF-SSH archive


Re: tcpip-forward requests and bind addresses



Jeffrey Hutzelman <jhutz%cmu.edu@localhost> writes:

> A loopback _interface_ is one for which traffic sent on that interface
> is only received on that interface.  Several operating systems allow
> the creation of multiple of these, and you can assign them whatever
> address you want and they still behave the same way.

Is there any functional difference between

* creating two loopback interfaces, and assigning them one address each,
  127.0.0.1 and 192.0.2.1.

* using a single loopback interface, with two assigned addresses,
  127.0.0.1 and 192.0.2.1.

In the second case, I guess one can set up a route saying that
192.0.2.1 is reachable via the localhost interface, and forward
packets received on other packets to the loopback interface, but I
don't see what one can achieve by doing that.

For ssh forwarding, the question is whether or not it's desirable, in this
case, that ssh localhost forwarding listens on 192.0.2.1. This is too
obscure to me. Why would anybody set up addresses and routing so that
packets are forwarded to an address on the loopback interface? Is the
point to treat some remote processes as if they were local? Then it
might make sense to have ssh treat them as local too.

I'm curious if you would like to explain this, but I feel we're
getting slightly off-topic. Back to the proposed text:

>        "localhost" means to listen on all protocol families supported by
>        the SSH implementation on loopback addresses only, [RFC3330] and
>        [RFC3513].

This doesn't talk about interfaces, only addresses. For IPv6, that's
only one address (according to RFC3513). For IPv4 one has the choice
of either using only the canonical loopback address, or all configured
addresses in the entire loopback block. I don't think it matters much,
and can be left to the implementation. IPv4 addresses outside of the
127.0.0.0/8 block should never come into play.

A possible clarification is

        "localhost" means to listen on all protocol families supported
        by the SSH implementation, on their respective canonical
        loopback addresses only, [RFC3330] and [RFC3513].

>        "127.0.0.1" and "::1" indicate listening on the loopback
>        interfaces for IPv4 and IPv6 respectively.

If we change this to say "address" instead of "interfaces", does that
make everybody happy? Like "0.0.0.0" and "::", these really aren't
special cases.

/Regards,
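
Added example (not part of the original message and not code from any SSH implementation): a Python sketch of the address-based reading of the bind strings discussed above. The names `listen_addresses`, `loopback_only`, `configured` and `whole_block` are assumptions made for illustration, and the sample addresses are constructed.

```python
import ipaddress

# Canonical loopback address per protocol family (RFC3330 for IPv4, RFC3513 for IPv6).
CANONICAL = {4: ipaddress.ip_address("127.0.0.1"), 6: ipaddress.ip_address("::1")}
V4_LOOPBACK_BLOCK = ipaddress.ip_network("127.0.0.0/8")

# Constructed sample: addresses assigned on a host, 192.0.2.1 sitting on a loopback interface.
SAMPLE_CONFIGURED = ["127.0.0.1", "127.0.0.2", "192.0.2.1", "::1"]


def listen_addresses(bind, families=(4, 6), configured=(), whole_block=False):
    """Map a tcpip-forward bind string to the addresses to listen on.

    configured  -- addresses assigned to local interfaces (hypothetical input)
    whole_block -- implementation choice: for "localhost", also listen on
                   configured IPv4 addresses inside 127.0.0.0/8
    """
    if bind == "localhost":
        result = [CANONICAL[f] for f in families]
        if whole_block and 4 in families:
            for text in configured:
                addr = ipaddress.ip_address(text)
                # Selection is by address, never by interface type: an address
                # outside 127.0.0.0/8 is skipped even on a loopback interface.
                if addr.version == 4 and addr in V4_LOOPBACK_BLOCK and addr not in result:
                    result.append(addr)
        return [str(a) for a in result]
    # Literal addresses are not special cases, "0.0.0.0" and "::" included.
    addr = ipaddress.ip_address(bind)  # raises ValueError for anything else
    if addr.version not in families:
        raise ValueError(f"IPv{addr.version} not supported by this implementation")
    return [str(addr)]


def loopback_only(bind, **kw):
    """True when every resulting listener address is a loopback address."""
    return all(ipaddress.ip_address(a).is_loopback for a in listen_addresses(bind, **kw))
```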


