Skip to main content

IP Binding

Learning Focus

By the end of this lesson you will know when and how to bind listeners to specific IP addresses versus all interfaces, and why this matters for security and multi-network servers.

What IP Binding Does

IP binding controls which network interface(s) a listener accepts traffic on. By default, listeners bind to * (all interfaces), but you can restrict them to a specific IP.

Binding Options

AddressMeaningUse Case
*Listen on all interfacesSingle-IP servers, simple setups
0.0.0.0Same as * — all IPv4 interfacesExplicit all-interfaces binding
[::]:443All IPv6 interfacesIPv6-only or dual-stack
192.168.1.100Specific private IP onlyInternal-only services
10.0.0.5Specific VPS/cloud private IPBackend listeners behind load balancers

When to Use Specific Binding

  • Multi-homed servers with both public and private interfaces
  • Staging or internal services that should not be reachable from the public internet
  • Split traffic patterns where different IPs serve different roles
  • WebAdmin security — bind port 7080 to a private IP or localhost only

Configuring IP Binding

In WebAdmin

  1. Navigate to Listeners → select or create a listener
  2. In the Address field, enter the specific IP instead of *
  3. Save and Graceful Restart

Verifying the Binding

# Check what IPs and ports are listening
sudo netstat -tlnp | grep lshttpd

# Or using ss
sudo ss -tlnp | grep lshttpd

# Example output:
# tcp  0  0 0.0.0.0:80    0.0.0.0:*  LISTEN  12345/lshttpd
# tcp  0  0 10.0.0.5:7080 0.0.0.0:*  LISTEN  12345/lshttpd
info

Binding WebAdmin (port 7080) to a private IP or 127.0.0.1 is a simple but effective security improvement. It prevents the admin console from being reachable from the public internet.

Key Takeaways

  • Specific IP binding reduces accidental exposure and makes traffic flow easier to reason about.
  • Use * for public-facing listeners and specific IPs for internal or admin services.
  • Always verify with netstat or ss after changing bindings.

What's Next

  • Continue to SSL Listener to configure HTTPS with certificates.