Binding Service To Local Address


On a Unix/Linux box, there are many occasions when you need to run a network service that is available only to the localhost. For security reasons, you really don't want to expose too many services to the public. In a default install, most services answer requests from any IP address.

A good example is running MySQL on a host that does not require remote access from anywhere else, where all admin and data access is done from the localhost. In such cases, you can bind the service to the local interface, and the service will answer only traffic coming from localhost (127.0.0.1). This drastically reduces your exposure to the outside world.

Even if you do need remote admin access, you might be able to establish an SSH tunnel and tunnel traffic from the client to the specific service's port on the server, since SSH tunnel traffic is considered local.

The downside is that the setup for this is complicated. Each service has its own setup, so you need to read the manual to see how it can be done for the service of interest.
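Whatever the service, the result can be checked the same way: list the listening sockets and confirm the local address is a loopback one. The script below is an added example, not part of the original post; it classifies `ss -tln` output, and the sample output and function names in it are constructed for illustration.

```shell
#!/bin/sh
# Classify TCP listeners from `ss -tln` output as loopback-only or exposed.
# Reads ss output on stdin and prints "<LOOPBACK|EXPOSED> <address:port>".

classify_listeners() {
    awk '
    $1 == "LISTEN" {
        local_addr = $4               # e.g. 127.0.0.1:3306, 0.0.0.0:22, [::]:22
        host = local_addr
        sub(/:[0-9]+$/, "", host)     # drop the trailing :port
        sub(/^\[/, "", host)          # drop IPv6 brackets
        sub(/\]$/, "", host)
        sub(/%.*/, "", host)          # drop an interface scope such as %lo
        if (host ~ /^127\./ || host == "::1")
            print "LOOPBACK " local_addr
        else
            print "EXPOSED " local_addr   # wildcard or a routable address
    }'
}

# Constructed sample of `ss -tln` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       80      127.0.0.1:3306      0.0.0.0:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       4096    127.0.0.53%lo:53    0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*
LISTEN  0       128     [::1]:631           [::]:*
EOF
}

# Demo on the constructed sample; on a live host use: ss -tln | classify_listeners
sample_ss_output | classify_listeners
```

Any line marked EXPOSED is a service answering on a wildcard or routable address and is a candidate for rebinding to 127.0.0.1.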

Here is a video demonstrating how to bind SSH to the local interface so it cannot be accessed through the network. Obviously, this is not very useful in real life, but it's a good demo.