Re: source & destination ?

From: Wojtek Walczak <>
Date: Thu, 13 Mar 2003 16:09:16 +0000 (UTC)

On Thu, 13 Mar 2003 15:01:56 +0100, Henri Schomäcker wrote:
>> Your computer (well, to be exact - your local interface) knows this IP.
>> For example, for lo interface (which is a special device defined in the
>> kernel) is equal to (as long as netmask for
>> lo is
> Many thanks, this was great information!
You're welcome ;)

> But there's one question I still have:
> Is just assigned to the loopback interface or are these IPs
> generated by request and are there more of these IPs?
It depends on netmask for an interface. You can read it from ifconfig:

# ifconfig lo
lo Link encap:Local Loopback
          inet addr: Mask:
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:132 errors:0 dropped:0 overruns:0 frame:0
          TX packets:132 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:10564 (10.3 Kb) TX bytes:10564 (10.3 Kb)

Netmask for lo is Since local interface is a bit special,
every IP in range (or, in short form:
means your host. marks every ip in ranges: 127.0-255.0-255.0-255.
So as long as you're using loopback interface and your netmask is
equal to (I haven't been trying to change it and I'm not sure
how will a Linux system react in case of changing netmasks) every IP address
looking like 127.x.x.x where x is a number from 0 to 255 is targeting the
same location (yourself) as is.

> How to deal with the loopback interface in the firewall then?
IMHO you do not have to. You can't receive a packet with src_ip=
_to you_ _from the internet_, because these are unroutable. If router
receives a packet with source_ip= it destroys this packet.
To be sure I tried sending three packets with source_ip=
to a server working eight routers farther and all of those three packets
were silently killed by some (I suppose - the first one) router.
Within your LAN the situation can be a little bit different if there's
no router which can drop strange packets. Maybe in that case it isn't
too bad to block/drop packets coming to your ethernet interface with
src_ip = So, if there's a possibility of an attack (only
DoS comes to mind at the moment) from LAN then you should block whole
loopback net which is (it marks any address from a range
I've mentioned above).


[ Wojtek Walczak - gminick (at) ]
[        <>        ]
[ "...rozmaite zwroty, matowe od patyny dawnosci." ]
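
Added example, not part of the original message: a small detector for the case discussed above, packets that arrive on a non-loopback interface with a 127.x.x.x source address. It assumes log lines in the netfilter LOG layout (IN=, SRC=, DST= fields); the sample lines, interface names and function names are constructed for illustration.

```python
import ipaddress
import re

# Every 127.x.x.x address belongs to the loopback net.
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")

# Constructed sample lines (assumed netfilter LOG layout), not real traffic.
SAMPLE_LOG = """\
kernel: IN=lo OUT= SRC=127.0.0.1 DST=127.0.0.1 PROTO=TCP SPT=40000 DPT=25
kernel: IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.10 PROTO=TCP SPT=40001 DPT=22
kernel: IN=eth0 OUT= SRC=127.0.0.1 DST=192.168.1.10 PROTO=UDP SPT=7 DPT=7
kernel: IN=eth0 OUT= SRC=127.45.200.9 DST=192.168.1.10 PROTO=ICMP
kernel: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 PROTO=TCP SPT=40002 DPT=80
kernel: IN=eth0 OUT= SRC=not-an-ip DST=192.168.1.10 PROTO=TCP
"""

FIELD_RE = re.compile(r"\b(IN|SRC|DST)=(\S*)")


def parse_line(line):
    """Return (iface, src, dst), or None if a field is missing or malformed."""
    fields = dict(FIELD_RE.findall(line))
    try:
        return (fields["IN"],
                ipaddress.ip_address(fields["SRC"]),
                ipaddress.ip_address(fields["DST"]))
    except (KeyError, ValueError):
        return None


def is_loopback_martian(iface, src, loopback_iface="lo"):
    """True when a loopback source shows up on a real (non-lo) interface."""
    # An empty IN= means the packet was generated locally, so skip it too.
    if iface in ("", loopback_iface):
        return False
    return src in LOOPBACK_NET


def find_martians(log_text):
    """Collect (iface, src, dst) for every line that should have been dropped."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and is_loopback_martian(parsed[0], parsed[1]):
            hits.append((parsed[0], str(parsed[1]), str(parsed[2])))
    return hits


if __name__ == "__main__":
    for iface, src, dst in find_martians(SAMPLE_LOG):
        print(f"drop candidate on {iface}: {src} -> {dst}")
```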