275

I know that 127.0.0.1 ~ 127.255.255.254 are the loopback IP addresses for most modern operating systems, and these IP addresses can be used to refer to our own computer.

But what's 0.0.0.0? It seems it also refers to the local computer, so what's the difference?

And, could you explain the following IP connections for me:

screenshot of netstat -an output

Anthony Geoghegan
  • 2,800
  • 1
  • 23
  • 34
Jichao
  • 2,937
  • 4
  • 17
  • 14
  • 7
    Also have a look at this question, as it gives details as to what 0.0.0.0 is (and isn't): http://serverfault.com/questions/228629/is-there-an-official-name-to-the-0-0-0-0-ip-address – Ellie Kesselman Aug 12 '11 at 04:25
  • 1
    A modern operating system would be using `::1` as loopback address. – kasperd May 29 '17 at 05:19

5 Answers5

188

The only thing is that you're not saying "all addresses should have access" -- that's done in your firewall(s) and/or the server software and/or other security layers like tcpwrappers.

0.0.0.0, in this context, means "all IP addresses on the local machine" (in fact probably, "all IPv4 addresses on the local machine"). So, if your webserver machine has two IP addresses, 192.168.1.1 and 10.1.2.1, and you allow a webserver daemon like apache to listen on 0.0.0.0, it will be reachable at both of those IP addresses. But only to what can contact those IP addresses and the web port(s).

Note that, in a different context (routing) 0.0.0.0 usually means the default route (the route to "the rest of" the internet, aside from routes in your local network etc.).

Anthony Geoghegan
  • 2,800
  • 1
  • 23
  • 34
Lee B
  • 3,380
  • 1
  • 17
  • 15
  • so you mean that webserver's socket is bound to any available addresses when it listens on 0.0.0.0 ? – onmyway133 Jul 17 '13 at 03:02
  • 1
    `0.0.0.0` means the default route *only* if it is accompanied by prefix `/0` (or netmask `0.0.0.0`) – minmaxavg Dec 11 '15 at 12:28
  • 2
    To be noted: if some process listens on 0.0.0.0, it will be reachable at IP adresses of all the machine's network interfaces which include the currently configured address of the loop back interface. But if the process listens only on a port of a loopback address, e.g. 127.0.0.1, and then the process is only reachable **from the same machine** by **targeting exactly 127.0.0.1:**. Try **[this](http://stackoverflow.com/questions/12268835/is-it-possible-to-run-python-simplehttpserver-on-localhost-only) python tool** to play! – Gab是好人 Dec 12 '16 at 18:04
97

When a service is listening on 0.0.0.0 this means the service is listening on all the configured network interfaces, when listening on 127.0.0.1 the service is only bound to the loopback interface (only available on the local machine)

slubman
  • 2,247
  • 16
  • 11
49

The IP address 0.0.0.0 can have very different meanings, depending on where it's used.

  • It's not a valid address to be given to an actual network interface, along with any other address in the 0.0.0.0/8 subnet (i.e. any address starting with 0.).
  • It can't be used as the source address on any IP packet, unless this happens when a computer still doesn't know its own IP address and it's trying to acquire one (classic example: DHCP).
  • If used in a routing table, it identifies the default gateway; a route to 0.0.0.0 is the default one, i.e. the one used when there is not any more specific route available to a destination address.
  • Lastly, when seen in the output of the netstat command (which is what you asked for), it means that a given socket is listening on all the available IP addresses the computer has; when a computer has more than one IP address, a socket can be bound only to a specific address and port pair, or to a port and all addresses; if you see an IP address there, it means that socket is listening only on that port and that specific address; if you see 0.0.0.0, it means it's listening on that port on all addresses of the machine, including the loopback one (127.0.0.1).
Massimo
  • 68,714
  • 56
  • 196
  • 319
  • 3
    What does it mean if you curl 0.0.0.0? Is curl actually contacting and sending a request through available interfaces? How does it know which interface is the right one? I understand how a server might listen on all interfaces, but what is the mechanism for a client to request all interfaces such as when I do curl 0.0.0.0 or curl [::]. – CMCDragonkai Jun 11 '14 at 09:05
  • 1
    The OS will very likely block you from doing that, as it doesn't just make sense from the networking perspective. Trying to `ping 0.0.0.0` on a Windows system results in an error message. – Massimo Jun 11 '14 at 13:01
  • `curl 0.0.0.0` yields `connection refused` on Arch Linux. `ping 0.0.0.0`, on the other hand, seems to be an alias for `ping 127.0.0.1` which works fine. – Matthias Braun Aug 11 '17 at 09:53
  • @MatthiasBraun the `connection refused` might be because curl by default try to connect to port 80/tcp. Try to find your open ports with `nmap -sV localhost` and then for eg if 631/tcp: `curl 0.0.0.0:631`. – Pablo A Mar 02 '18 at 16:00
32

Lee B's answer is right on, but here's some relevant RFCs in case you're interested.

0.0.0.0:

From RFC1122, Section 3.1.2.3:

We now summarize the important special cases for Class A, B, and C IP addresses, using the following notation for an IP address:

            { <Network-number>, <Host-number> }

        or
            { <Network-number>, <Subnet-number>, <Host-number> }

...

          (a)  { 0, 0 }

             This host on this network.  MUST NOT be sent, except as
             a source address as part of an initialization procedure
             by which the host learns its own IP address.

Just that, "this host on this network"... as Lee B's answer states this translates to all available IP addresses on your host. Hosting a service on 0.0.0.0 will automatically host that service on every addressable interface.

127.0.0.1:

From RFC5735:

127.0.0.0/8 - This block is assigned for use as the Internet host loopback address. A datagram sent by a higher-level protocol to an address anywhere within this block loops back inside the host. This is ordinarily implemented using only 127.0.0.1/32 for loopback. As described in [RFC1122], Section 3.2.1.3, addresses within the entire 127.0.0.0/8 block do not legitimately appear on any network anywhere.

The difference between 0.0.0.0 and the loopback address 127.0.0.1 is that the loopback address is designed to allow a fully functioning IP interface within the host itself, regardless of what the rest of the networking setup, if any, looks like. Any traffic sent to the loopback device is immediately received on it. It's not so much that the loopback network "refers" to your own host... it's more of like you have a mini network segment in your host that devices, processes and sockets and can open and connect to.

Community
  • 1
10

In simple terms: Listening on 0.0.0.0 means listening from anywhere that has network access to this computer, for example, from this very computer, from local network or from the Internet, while listening on 127.0.0.1 means only listen from this very computer

Hải Phong
  • 201
  • 2
  • 3