When a program is listening for new TCP connections, it needs to choose which ip address and port to listen on. While the port option is pretty easy to understand1, people give less thought to the address they use. Why is that?
Usually programs bind to one of two addresses:
127.0.0.1 to listen on the
loopback interface or
0.0.0.0 to listen on all interfaces. While those are the
most common options, some people have more complex setup that won’t fall in one
of those two options. For example, Google Chrome will only let you expose its
CDP port to the loopback interface, which make sense for most people but not if
you want to expose it remotely. The other option is also not always nice to
have. Beside security risks of listening on all interfaces, sometimes you might
have different interfaces for different services and listening on
cause a port collision.
If you need to forward ports from the loopback interface to another interface,
you can use
socat(1) is a great program that will forward
almost any type of socket to almost any type of socket. Sadly it requires
another running process but it fixes the problem of loopback only programs
without patching the program itself.
Beside the surprising zero port maybe ↩︎