What's the difference between IP address 0.0.0.0 and 127.0.0.1?
Solution 1:
The only thing is that you're not saying "all addresses should have access" -- that's done in your firewall(s) and/or the server software and/or other security layers like tcpwrappers.
0.0.0.0, in this context, means "all IP addresses on the local machine" (in fact probably, "all IPv4 addresses on the local machine"). So, if your webserver machine has two IP addresses, 192.168.1.1 and 10.1.2.1, and you allow a webserver daemon like apache to listen on 0.0.0.0, it will be reachable at both of those IP addresses. But only to what can contact those IP addresses and the web port(s).
Note that, in a different context (routing) 0.0.0.0 usually means the default route (the route to "the rest of" the internet, aside from routes in your local network etc.).
Solution 2:
When a service is listening on 0.0.0.0, this means the service is listening on all the configured network interfaces; when listening on 127.0.0.1, the service is only bound to the loopback interface (only available on the local machine).
Solution 3:
The IP address 0.0.0.0 can have very different meanings, depending on where it's used.
- It's not a valid address to be given to an actual network interface, along with any other address in the 0.0.0.0/8 subnet (i.e. any address starting with 0.).
- It can't be used as the source address on any IP packet, unless this happens when a computer still doesn't know its own IP address and it's trying to acquire one (classic example: DHCP).
- If used in a routing table, it identifies the default gateway; a route to 0.0.0.0 is the default one, i.e. the one used when there is not any more specific route available to a destination address.
- Lastly, when seen in the output of the netstat command (which is what you asked for), it means that a given socket is listening on all the available IP addresses the computer has; when a computer has more than one IP address, a socket can be bound only to a specific address and port pair, or to a port and all addresses; if you see an IP address there, it means that socket is listening only on that port and that specific address; if you see 0.0.0.0, it means it's listening on that port on all addresses of the machine, including the loopback one (127.0.0.1).
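An added example (not part of the original answers) of the netstat reading described in Solution 3: it classifies each listening socket's local address as bound to all addresses, to loopback only, or to one specific address. The sample output, the function names and the scope labels are constructed for illustration.

```python
import ipaddress

# Constructed sample in the Linux `netstat -tln` layout (not captured from a real host).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:80          0.0.0.0:*               LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
"""


def classify(local):
    """Return (scope, address, port) for a 'Local Address' field."""
    host, _, port = local.rpartition(":")   # the last colon separates the port
    host = host.strip("[]")                 # ss prints IPv6 as [::]:80
    if host == "*":                         # ss prints the wildcard as *
        return "all-addresses", host, int(port)
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:                 # 0.0.0.0 or ::
        scope = "all-addresses"
    elif addr.is_loopback:                  # 127.0.0.0/8 or ::1
        scope = "loopback-only"
    else:                                   # one specific local address
        scope = "single-address"
    return scope, str(addr), int(port)


def listeners(netstat_text):
    """Classify every TCP LISTEN row of netstat -tln style output."""
    rows = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[5] == "LISTEN":
            rows.append(classify(fields[3]))
    return rows


def exposed(netstat_text):
    """Ports bound beyond loopback; reachability still depends on firewalls."""
    return sorted({port for scope, _, port in listeners(netstat_text)
                   if scope != "loopback-only"})


if __name__ == "__main__":
    for scope, addr, port in listeners(SAMPLE):
        print(f"{port:>5}  {addr:<12} {scope}")
    print("not loopback-only:", exposed(SAMPLE))
```
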
Solution 4:
Lee B's answer is right on, but here are some relevant RFCs in case you're interested.
0.0.0.0:
From RFC1122, Section 3.1.2.3:
We now summarize the important special cases for Class A, B, and C IP addresses, using the following notation for an IP address:
{ <Network-number>, <Host-number> } or { <Network-number>, <Subnet-number>, <Host-number> }
...
(a) { 0, 0 } This host on this network. MUST NOT be sent, except as a source address as part of an initialization procedure by which the host learns its own IP address.
Just that, "this host on this network"... as Lee B's answer states this translates to all available IP addresses on your host. Hosting a service on 0.0.0.0 will automatically host that service on every addressable interface.
127.0.0.1:
From RFC5735:
127.0.0.0/8 - This block is assigned for use as the Internet host loopback address. A datagram sent by a higher-level protocol to an address anywhere within this block loops back inside the host. This is ordinarily implemented using only 127.0.0.1/32 for loopback. As described in [RFC1122], Section 3.2.1.3, addresses within the entire 127.0.0.0/8 block do not legitimately appear on any network anywhere.
The difference between 0.0.0.0 and the loopback address 127.0.0.1 is that the loopback address is designed to allow a fully functioning IP interface within the host itself, regardless of what the rest of the networking setup, if any, looks like. Any traffic sent to the loopback device is immediately received on it. It's not so much that the loopback network "refers" to your own host... it's more like you have a mini network segment in your host that devices, processes and sockets can open and connect to.
Solution 5:
In simple terms: listening on 0.0.0.0 means listening from anywhere that has network access to this computer, for example, from this very computer, from the local network or from the Internet, while listening on 127.0.0.1 means only listening from this very computer.