[colug-432] 0.0.0.0.
Rick Hornsby
richardjhornsby at gmail.com
Sun Apr 19 15:29:04 EDT 2015
Steve VanSlyck wrote:
> Hi guys.
>
> A popular site on the web says, "By default the Salt master listens on
> ports 4505 and 4506 on all interfaces (0.0.0.0). To bind Salt to a
> specific IP, redefine the "interface" directive in the master
> configuration file...."
>
> What does "interface" mean in this context?
Generally in this context interface means the IP address(es) of your
server. You can bind to 127.0.0.1, which would only listen for traffic
on the loopback interface. Nothing on your LAN (and the WAN) would be
able to reach the service. If you set it to your ethX/enX IP address,
the service would listen for traffic bound for just that address.

Most of the time you can allow the service to bind to all interfaces
(0.0.0.0) without any problems. The default in this case is probably fine.

It is a little bit confusing because normally we think of the interface
as the piece of hardware with the MAC address. Here interface means,
essentially, IP address.

> Does this mean that salt can be configured to listen on these two ports
> only from requests that identify themselves as coming /from/ a
> particular IP address, or which are addressed /to/ a particular IP
> address (i.e., the IP address of the system Salt is installed on), or
> does it mean something else?
To a particular destination IP address -- on the host on which Salt is
running.

Interface binding in this context is not related to the source address.

rhornsby@archer:~ $ netstat -anl | grep LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN

This shows 3 services that are listening for traffic on ports 22, 6010,
and 445.

Whatever is listening on 6010 is *only* listening on 127.0.0.1. This
might be referred to as "bound to the loopback interface". Traffic from
any host except archer (localhost) destined for port 6010 will fail.

Ports 22 (ssh), and 445 (smbd) are listening for traffic on any
interface (IP address).

When might you want to bind to a specific interface? If you have a
computer with multiple IP addresses or attached to multiple networks,
and you don't want to listen for traffic from all networks. Another
example - if I have an HTTP server (port 80) that I'm only using locally
I might bind it to 127.0.0.1 so that no one on the rest of the network
or the Internets could get to it.

-rick
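
Added example, not part of the original message: a Python sketch that classifies each LISTEN row of Linux `netstat -anl` output by bind scope, generalizing the three rows in the post to IPv6 and single-address binds. The rows beyond the post's three (including 192.0.2.10) and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: the three rows from the post plus LAN-address and IPv6 rows.
SAMPLE = """\
tcp        0      0 0.0.0.0:22        0.0.0.0:*   LISTEN
tcp        0      0 127.0.0.1:6010    0.0.0.0:*   LISTEN
tcp        0      0 0.0.0.0:445       0.0.0.0:*   LISTEN
tcp        0      0 192.0.2.10:4505   0.0.0.0:*   LISTEN
tcp6       0      0 :::4506           :::*        LISTEN
tcp6       0      0 ::1:631           :::*        LISTEN
"""

def scope(addr):
    """Classify a local bind address by which destination addresses it accepts."""
    if addr == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:          # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:             # 127.0.0.0/8 or ::1
        return "loopback-only"
    return "single-address"

def listeners(netstat_text):
    """Return (proto, address, port, scope) for every TCP LISTEN row."""
    rows = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[-1] != "LISTEN" or not fields[0].startswith("tcp"):
            continue
        # Local address is the fourth column; the port follows the last colon,
        # which also handles IPv6 forms such as ":::4506" and "::1:631".
        addr, _, port = fields[3].rpartition(":")
        try:
            rows.append((fields[0], addr, int(port), scope(addr)))
        except ValueError:
            continue  # not a parseable IP:port pair
    return rows

def exposed(netstat_text):
    """Ports bound to anything other than a loopback address."""
    return sorted({p for _, _, p, s in listeners(netstat_text) if s != "loopback-only"})

if __name__ == "__main__":
    for proto, addr, port, s in listeners(SAMPLE):
        print(f"{proto:5} {addr:>12}:{port:<5} {s}")
    print("not loopback-only:", exposed(SAMPLE))
```

Whether a port in the non-loopback set is actually reachable from another host still depends on routing and firewall rules; the bind address only decides which destination addresses the service accepts.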