0

Having two services exposed on the same machine, do my connections go to the router and back to my machine if I'm using my internal LAN IPv4 address?

If yes, is it possible to prevent this by using 127.0.0.1?

Services are ALWAYS on the same machine and IPv4 address does not change in time. Services are exposed on a UNIX or Windows machine without knowledge

Lazarus

2 Answers

1

No, the connections do not go to the router and back.

If the IP address of your machine is 10.1.2.3, and you are opening a connection to 10.1.2.3 from that machine, the connection is handled internally and never leaves your machine.

Esa Jokinen is correct, that the loopback interface is meant exactly for this purpose, and not using it has some implications (mostly regarding security), but for practical purposes it does not make any difference if you use 10.1.2.3 or 127.0.0.1.

It's good practice to limit your service to the loopback device if you don't need your service to be accessible from other hosts.

Gerald Schneider
  • It seems I skipped the first question, rushing to answer the second one. While my answer follows the best practices and is quite detailed, this answers the question better. +1 – Esa Jokinen Apr 28 '20 at 13:22
  • Thanks for your answer, so there is no difference between the two endpoints in terms of network traffic. Connections get internally re-routed to the same machine without sending any packet to the outside or to the router. So I think that having a firewall blocking connections on 8080 port on the router does not affect my connections, even when using my IPv4 address... am I right? Thanks – Lazarus Apr 28 '20 at 19:58
  • The firewall on the router has absolutely no effect on the traffic of the internal network (the complete 10.2.3.0/24 IP space in my example), including the traffic that stays on a single machine. – Gerald Schneider Apr 29 '20 at 06:29
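
The following is an added example, not code from either answer or from the commenters. It shows the practical effect of binding a listener to 127.0.0.1 versus the wildcard address 0.0.0.0: a loopback-only listener refuses connections addressed to the machine's LAN IPv4 address, even from the same machine. The helper names `lan_ipv4` and `reachable` are hypothetical, and the LAN address is discovered at run time (the check is skipped if the host has none).

```python
import socket


def lan_ipv4():
    """Return this host's primary non-loopback IPv4 address, or None.

    connect() on a UDP socket only selects a route and a source address;
    no packet is sent. 192.0.2.1 is a documentation address (TEST-NET-1).
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect(("192.0.2.1", 9))
        addr = s.getsockname()[0]
    except OSError:
        return None  # no route: host has only a loopback interface
    finally:
        s.close()
    return None if addr.startswith("127.") or addr == "0.0.0.0" else addr


def reachable(bind_addr, connect_addr):
    """Listen on bind_addr (ephemeral port), then try a TCP connect to
    connect_addr on that same port from this machine."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        srv.bind((bind_addr, 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        try:
            with socket.create_connection((connect_addr, port), timeout=2):
                return True
        except OSError:
            return False  # refused or timed out
    finally:
        srv.close()


if __name__ == "__main__":
    lan = lan_ipv4()
    print("loopback-only listener via 127.0.0.1:", reachable("127.0.0.1", "127.0.0.1"))
    print("wildcard listener via 127.0.0.1:     ", reachable("0.0.0.0", "127.0.0.1"))
    if lan:
        print(f"loopback-only listener via {lan}:", reachable("127.0.0.1", lan))
        print(f"wildcard listener via {lan}:     ", reachable("0.0.0.0", lan))
```

A listener that answers on the LAN address from the local machine is also the one other hosts on the network can reach, which is why services that only talk to local peers are bound to loopback.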
0

Yes, it is. This feature called local loopback is specially intended for the purpose you describe: it enables the applications on the same machine to communicate with each other.

Not only the 127.0.0.1 but all addresses within 127.0.0.0/8 are Special-Purpose IP Addresses reserved for local loopback. This is currently specified in RFC 8190, 2.2.2, but it dates back to at least RFC 1122, 3.2.1.3 from October 1989:

(g) { 127, <any> }

Internal host loopback address. Addresses of this form MUST NOT appear outside a host.

The local loopback is typically implemented as a virtual network interface on the networking software of your operating system (e.g. lo, lo0 on UNIX or Loopback Pseudo-Interface 1 on Windows); therefore, it doesn't even pass the packets to any network interface controller on the machine.

For completeness, there's also:

It may be used by a node to send an IPv6 packet to itself. It must not be assigned to any physical interface.

  • Unix sockets work similarly, but entirely within the kernel, using e.g. the filesystem as their namespace: two processes can communicate by opening the same socket ("file").

    The AF_UNIX (also known as AF_LOCAL) socket family is used to communicate between processes on the same machine efficiently. Traditionally, UNIX domain sockets can be either unnamed, or bound to a filesystem pathname (marked as being of type socket). Linux also supports an abstract namespace which is independent of the filesystem.

Esa Jokinen
  • Thanks for your answer, so in the end 127.0.0.1 should prevent any outgoing connection from my machine to my router. Did I understand well? I'm going to read the articles you posted here – Lazarus Apr 28 '20 at 12:59
  • I disagree. As far as I know, connections from a host to its own external IP address don't go through the router. – Gerald Schneider Apr 28 '20 at 13:01
  • I don't see where `Having two services exposed on the same machine, do my connections go to the router and back to my machine if I'm using my internal LAN IPv4 address?` is related to the loopback interface. – Gerald Schneider Apr 28 '20 at 13:10
  • I see your point now: while *local loopback* is THE solution for this, it might not be *that bad* to use the external address, either. I'd still prefer the loopback address, because it continues to work even when the network interface is down or configured differently. E.g. the IP address is configured on the application as static, but it's in fact from DHCP, and another machine gets that address later. – Esa Jokinen Apr 28 '20 at 13:15
  • 1
    I totally agree. I just wanted to point this out, because the way you've written your answer implies that the OP's assumption about how the connections work is correct ... which it isn't. – Gerald Schneider Apr 28 '20 at 13:16
  • Thanks for the clarification. I admit that I am a bit confused about this, my question is referred explicitly to the difference between pointing 127.0.0.1 or the specific IPv4 address of the machine. I thought that using the IPv4 LAN IP could have routed my connections, making them go from the machine to the router and vice versa. But as the answers say, using 127.0.0.1 or the LAN IP of the machine makes no difference because once the IPv4 IP is retrieved connections to that IP from the same machine do not go outside the machine but are internally re-routed to point to the machine itself. – Lazarus Apr 28 '20 at 19:53