Search code, repositories, users, issues, pull requests...

Provide feedback.

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly.

To see all available qualifiers, see our documentation .

  • Notifications

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement . We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error: listen tcp x.x.x.x:443: bind: cannot assign requested address #107

@noxware

noxware commented Jul 14, 2022

@ganigeorgiev

ganigeorgiev commented Jul 14, 2022 • edited

Sorry, something went wrong.

noxware commented Jul 15, 2022

Ganigeorgiev commented jul 15, 2022 • edited, ganigeorgiev commented jul 16, 2022 • edited.

@johnhorsema

johnhorsema commented Jul 16, 2022

Noxware commented jul 16, 2022 • edited, noxware commented jul 16, 2022.

  • 👍 1 reaction

@kennethklee

kennethklee commented Jul 24, 2022

Ganigeorgiev commented aug 2, 2022.

@ganigeorgiev

doniyorz commented Oct 8, 2022 • edited

Ganigeorgiev commented oct 8, 2022, doniyorz commented oct 8, 2022, ganigeorgiev commented oct 8, 2022 • edited.

@whkoh

whkoh commented Oct 9, 2022 • edited

Ganigeorgiev commented oct 9, 2022 • edited.

@raf2001

raf2001 commented Oct 12, 2022

@bacon-delight

bacon-delight commented Oct 14, 2022 • edited

Ganigeorgiev commented oct 14, 2022 • edited, raf2001 commented oct 14, 2022.

  • 👍 2 reactions

@jimafisk

jimafisk commented Nov 30, 2022

Ganigeorgiev commented nov 30, 2022 • edited.

  • 👍 5 reactions

@harryc9

harryc9 commented Dec 3, 2022

  • 🚀 2 reactions

@adampatterson

adampatterson commented Jan 1, 2023

@mingyeungs

mingyeungs commented Jan 20, 2023

  • 👍 10 reactions

@AriaFantom

AriaFantom commented May 4, 2023

Adampatterson commented may 5, 2023 • edited.

@Hammaad-M

Hammaad-M commented Dec 13, 2023 • edited

Ganigeorgiev commented dec 13, 2023 • edited.

@Hammaad-M

Hammaad-M commented Dec 13, 2023

No branches or pull requests

@adampatterson

Ubuntu Forums

  • Unanswered Posts
  • View Forum Leaders
  • Contact an Admin
  • Forum Council
  • Forum Governance
  • Forum Staff

Ubuntu Forums Code of Conduct

  • Forum IRC Channel
  • Get Kubuntu
  • Get Xubuntu
  • Get Lubuntu
  • Get Ubuntu Studio
  • Get Mythbuntu
  • Get Edubuntu
  • Get Ubuntu GNOME
  • Get Ubuntu Kylin
  • Get Ubuntu Budgie
  • Get Ubuntu Mate
  • Ubuntu Code of Conduct
  • Ubuntu Wiki
  • Community Wiki
  • Launchpad Answers
  • Ubuntu IRC Support
  • Official Documentation
  • User Documentation
  • Distrowatch
  • Bugs: Ubuntu
  • PPAs: Ubuntu
  • Web Upd8: Ubuntu
  • OMG! Ubuntu
  • Ubuntu Insights
  • Planet Ubuntu
  • Full Circle Magazine
  • Activity Page
  • Please read before SSO login
  • Advanced Search

Home

  • The Ubuntu Forum Community
  • Ubuntu Official Flavours Support
  • General Help
  • [all variants] ssh port forwarding: bind cannot assign requested address

Next

  • Jump to page:

Thread: ssh port forwarding: bind cannot assign requested address

Thread tools.

  • Show Printable Version
  • Subscribe to this Thread…
  • View Profile
  • View Forum Posts
  • Private Message

ianc1 is offline

ssh port forwarding: bind cannot assign requested address

Hi all I have a problem I don't understand while trying to port forward over ssh. I wish to remote desktop to a Windows machine at work from my home Linux box. I can do this through an ssh gateway using: Code: ssh -L port:windows_machine:3389 username@ssh_gateway -p ssh_port Doing this I can then connect to the windows machine using Remmina via localhost and the appropriate port from the command above. So all appears to work. However when I execute the ssh command I get the following error Code: bind: Cannot assign requested address Using netstat I can tell I'm not already using the port on my local machine. Any ideas what's wrong. Thanks in advance. Ian

Re: ssh port forwarding: bind cannot assign requested address

I've managed to try this on a Mint 12 machine ie one based on Ubuntu 11.10. I got no error message using that machine. Mint 12 has openssh version 5.8 while 12.04 has 5.9. Is this a bug I should be reporting? How do I tell? Thanks

papibe is offline

Hi ianc1. That kind of forwarding is working for me on 12.04. The error looks more like a DNS error to me. Could you post the log using the extra verbose option while trying to connect using the forwarded port? Code: ssh -vvv ... Regards. EDIT: To start, I imagine you have some sort of sshd service on the Windows machine isn't it?
Hi papibe Thanks for the reply. The host I ssh into is a Linux machine and it is on the same network as the windows machine and easily connects to it. I know there are no problems there. I ran the command as suggested and the output is attached with some bits starred out for security reasons. I hope they weren't the relevant bits but as far as I could see they were info only. Thanks in advance

Attached Files

Code: debug3: sock_set_v6only: set socket 5 IPV6_V6ONLY debug1: Local forwarding listening on ::1 port 9999. bind: Cannot assign requested address The only difference that I see is that you are using IPv6 only? Any reason? May be allowing regular IPv4 would work. Regards.
Thanks papibe. That's odd as I thought I had disabled IPv6 on my machine as most firewalls ignore it (I have been led to believe) and I don't have an IPv6 enabled router. I set: Code: net.ipv6.conf.all.disable_ipv6=1 in the file sysctl.conf. Should I revert this? Is this error coming from my local machine (the one I issue the SSH command on) or the remote machine I SSH into? Thanks again.
Let's try force the use of IPv4 on both ssh commands: the one creating the tunnel, and the one using it: Code: ssh -4 ... Regards.

markbl is offline

Login to your server first then try telneting to that port on the windows box. Then you can tell which step is failing. Note that the name "windows_machine" must be resolvable by the ssh_gateway machine. Code: ssh username@ssh_gateway -p ssh_port telnet windows_machine 3389
Thanks papibe and markbl. Before I got the replies I enabled IPv6 in sysctl.conf again and tried. Success. When I got the replies I tried again with IPv6 disabled and using the ssh - 4 option as you suggested. Again success. Hoorah. What puzzles me is why this is an issue. As far as I am aware the router I use only uses IPv4. Any ideas? Thanks again for the help.
It could be in the configuration of ssh itself. Could you post the content of this command on both the client and the server? Code: grep -i address /etc/ssh/ssh*config Regards.
  • Private Messages
  • Subscriptions
  • Who's Online
  • Search Forums
  • Forums Home
  • New to Ubuntu
  • Installation & Upgrades
  • Desktop Environments
  • Networking & Wireless
  • Multimedia Software
  • Ubuntu Development Version
  • Virtualisation
  • Server Platforms
  • Ubuntu Cloud and Juju
  • Packaging and Compiling Programs
  • Development CD/DVD Image Testing
  • Ubuntu Application Development
  • Ubuntu Dev Link Forum
  • Programming Talk
  • Bug Reports / Support
  • System76 Support
  • Apple Hardware Users
  • Recurring Discussions
  • Mobile Technology Discussions (CLOSED)
  • Announcements & News
  • Weekly Newsletter
  • Membership Applications
  • The Fridge Discussions
  • Forum Council Agenda
  • Request a LoCo forum
  • Resolution Centre
  • Ubuntu/Debian BASED
  • Arch and derivatives
  • Fedora/RedHat and derivatives
  • Mandriva/Mageia
  • Slackware and derivatives
  • openSUSE and SUSE Linux Enterprise
  • Gentoo and derivatives
  • Any Other OS
  • Assistive Technology & Accessibility
  • Art & Design
  • Education & Science
  • Documentation and Community Wiki Discussions
  • Outdated Tutorials & Tips
  • Ubuntu Women
  • Arizona Team - US
  • Arkansas Team - US
  • Brazil Team
  • California Team - US
  • Canada Team
  • Centroamerica Team
  • Instalación y Actualización
  • Colombia Team - Colombia
  • Georgia Team - US
  • Illinois Team
  • Indiana - US
  • Kentucky Team - US
  • Maine Team - US
  • Minnesota Team - US
  • Mississippi Team - US
  • Nebraska Team - US
  • New Mexico Team - US
  • New York - US
  • North Carolina Team - US
  • Ohio Team - US
  • Oklahoma Team - US
  • Oregon Team - US
  • Pennsylvania Team - US
  • Texas Team - US
  • Uruguay Team
  • Utah Team - US
  • Virginia Team - US
  • West Virginia Team - US
  • Australia Team
  • Bangladesh Team
  • Hong Kong Team
  • Myanmar Team
  • Philippine Team
  • Singapore Team
  • Albania Team
  • Catalan Team
  • Portugal Team
  • Georgia Team
  • Ireland Team - Ireland
  • Kenyan Team - Kenya
  • Kurdish Team - Kurdistan
  • Lebanon Team
  • Morocco Team
  • Saudi Arabia Team
  • Tunisia Team
  • Other Forums & Teams
  • Afghanistan Team
  • Alabama Team - US
  • Alaska Team - US
  • Algerian Team
  • Andhra Pradesh Team - India
  • Austria Team
  • Bangalore Team
  • Bolivia Team
  • Cameroon Team
  • Colorado Team - US
  • Connecticut Team
  • Costa Rica Team
  • Ecuador Team
  • El Salvador Team
  • Florida Team - US
  • Galician LoCo Team
  • Hawaii Team - US
  • Honduras Team
  • Idaho Team - US
  • Iowa Team - US
  • Jordan Team
  • Kansas Team - US
  • Louisiana Team - US
  • Maryland Team - US
  • Massachusetts Team
  • Michigan Team - US
  • Missouri Team - US
  • Montana Team - US
  • Namibia Team
  • Nevada Team - US
  • New Hampshire Team - US
  • New Jersey Team - US
  • Northeastern Team - US
  • Panama Team
  • Paraguay Team
  • Quebec Team
  • Rhode Island Team - US
  • Senegal Team
  • South Carolina Team - US
  • South Dakota Team - US
  • Switzerland Team
  • Tamil Team - India
  • Tennessee Team - US
  • Trinidad & Tobago Team
  • Uganda Team
  • United Kingdom Team
  • US LoCo Teams
  • Venezuela Team
  • Washington DC Team - US
  • Washington State Team - US
  • Wisconsin Team
  • Za Team - South Africa
  • Zimbabwe Team

Tags for this Thread

View Tag Cloud

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  • BB code is On
  • Smilies are On
  • [IMG] code is On
  • [VIDEO] code is Off
  • HTML code is Off
  • Ubuntu Forums

Error: redis bind cannot assign requested address

What's causing this error.

The error message 'redis bind cannot assign requested address' arises when Redis is unable to bind to a specific IP address and port. The most common cause of this error is an incorrect or unavailable IP address specified in the Redis configuration file. It can also occur if there is another process already bound to the same IP address and port.

Solution - Here's How To Resolve It

To resolve this error, try these steps:

  • Verify that the IP address specified in the Redis configuration file is accurate and available on the machine running Redis.
  • Check for any processes listening on the same IP address and port using the lsof command.
  • Ensure that the network settings are configured correctly, and the IP address assigned to the machine is valid and accessible from outside the machine if using a virtual machine or cloud instance.
  • Use a different IP address and port combination for Redis, updating the configuration file accordingly.
  • Restart Redis after any changes to the configuration file.

If none of these solutions work, seek further assistance, or consult the Redis documentation for more information.

Was this content helpful?

Other common redis errors (with solutions).

  • could not connect to redis at 127.0.0.1:6379: connection refused
  • redis error server closed the connection
  • redis.exceptions.responseerror: value is not an integer or out of range
  • redis.exceptions.responseerror moved
  • redis.exceptions.responseerror noauth authentication required
  • redis-server failed to start advanced key-value store
  • spring boot redis unable to connect to localhost 6379
  • unable to configure redis to keyspace notifications
  • redis.clients.jedis.exceptions.jedismoveddataexception
  • could not get resource from pool redis
  • failed to restart redis service unit redis service not found
  • job for redis-server.service failed because a timeout was exceeded

Dragonfly is fully compatible with the Redis ecosystem and requires no code changes to implement.

Stack Exchange Network

Stack Exchange network consists of 183 Q&A communities including Stack Overflow , the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

Error "Can't assign requested address" when ssh-ing to remote server

On ubuntu 14.04 I have installed openssh, changed the ssh port. I can login within LAN with no problems, but I cannot access it from outside.

I also have: allowed it though firewall and set up port forwarding on my linksys router

Whenever I login, I get the error (I have replaced # instead of numbers):

What else can I check, what could be wrong? Please help.

Jake B.'s user avatar

This might not fix your issue but I had the same error on OSX after it working successfully before. Flushing the routing table helped:

I ran these on the computer that I was connecting from. Reference: http://codefromabove.com/quickies/osx-cant-assign-requested-address-code49/

einverne's user avatar

  • 3 Hello ! Can you explain us why we have to flush the route ?? thank's –  I'm_ADR Dec 19, 2016 at 14:03
  • 2 @I'm_ADR because your routing table gets corrupted from time to time. There are different reasons for it but one might be using OpenVPN on poor networks. –  Saba Ahang Nov 13, 2018 at 14:49

You must log in to answer this question.

Not the answer you're looking for browse other questions tagged networking server ssh ..

  • The Overflow Blog
  • Who owns this tool? You need a software component catalog
  • Down the rabbit hole in the Stack Exchange network
  • Featured on Meta
  • Upcoming privacy updates: removal of the Activity data section and Google...
  • Changing how community leadership works on Stack Exchange: a proposal and...
  • AI-generated content is not permitted on Ask Ubuntu
  • Goodbye Gunnar Hjalmarsson 1958.10.06 - 2023.12.20

Hot Network Questions

  • Names in The Water Margin
  • extremely slow leak in tire
  • What's the relation between a language being managed and its compiler being reversible?
  • Why deplane all passengers and not the troublemaker?
  • Were any U.S. founding fathers present at the storming of the Bastille?
  • 10-year UK visa ban. 15 years later and new citizenship
  • Are views logically redundant?
  • "They don’t speak it so much my side of the park." Which park? Which side is which?
  • Why did nobody ever succeed in "clean room" cloning the Apple Macintosh
  • Short story in which time slips and the passenger pigeon reappears in North America
  • What is a misreading error called?
  • What happens when the runway is unusable at an isolated aerodrome?
  • Is mathematical programming synonymous with algebraic modelling?
  • A canal between two rivers
  • What's the source of John Adams's quote against the two-party system?
  • How far can we go in space?
  • Use of double pointers and memory allocation/deallocation
  • What is the the purpose of using paravirtualization if there is a hardware assisted virtualization?
  • Get string from within curly brackets
  • Is there a name for the widespread logical fallacy in which you prove your point by 'eliminating' anyone who contradicts you?
  • Sum up snail number neighbours
  • What leverage or negotiation tools do government agencies actually have to negotiate prescription drug prices directly with drug companies?
  • Are cherry blossoms ever used in cooking for their flavor? Is there a preference between ornamental and agricultural varieties?
  • Elements with most commonly occurring isotope being different from the most stable one

bind cannot assign requested address ubuntu

Linux网络编程,bind:error:Cannot assign requested address,Ubuntu网络桥接

bind cannot assign requested address ubuntu

解决二:在虚拟机里面,①编辑->虚拟网络编辑器->还原默认设置。②完成后重新选择,网络桥接模式。③进入Ubuntu,命令ifconfig(查看网卡),sudo ifconfig ens33 up (算是打开网卡吧我也不懂),sudo dhclient(动态分配一个IP)。这样就欧克了,就会发现,在同一个网段。就可以使用bind了。 下面是我写的简单代码,看一下吧。

服务器端:

客户端:

bind cannot assign requested address ubuntu

“相关推荐”对你有帮助么?

bind cannot assign requested address ubuntu

请填写红包祝福语或标题

bind cannot assign requested address ubuntu

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。 2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

bind cannot assign requested address ubuntu

Stack Exchange Network

Stack Exchange network consists of 183 Q&A communities including Stack Overflow , the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

Nginx failed to start. Cannot assign requested address?

When I reboot my server (not nginx, the whole server), Nginx fails to start automatically. After I logged into the server, I can start nginx manually (service nginx start). It works. But if I restart again, I have to manually start Nginx. When checking the error.log for Nginx, I saw this error repeated several times :

How can I fix this? What is this problem? (Im running an Ubuntu 12.04 server)

quanta's user avatar

  • 1. ifconfig ? 2. grep listen /path/to/nginx.conf ? –  quanta Aug 27, 2012 at 4:10
  • @quanta added the outputs :) –  THpubs Aug 27, 2012 at 4:47

3 Answers 3

bind() to [ipv6]:80 failed (99: Cannot assign requested address)

It sounds like your IPv6 address has just been assigned to eth0, and still be in the tentative state , thus Nginx cannot establish a listen on that IP.

Either turn of DAD ( Duplicate Address Detection ) by running:

(insert into /etc/sysctl.conf for permanent)

or add this line into /etc/network/interfaces , under inet6 interface definition

Source: http://pyro.eu.org/how-to/micro/nginx-cannot-assign-requested-address-ipv6.txt

Community's user avatar

  • Thanks. What will be the best option out of the two? I also included the interfaces file on my server (please check the above question) –  THpubs Aug 27, 2012 at 5:25
  • 1 I think option 2 is better. –  quanta Aug 27, 2012 at 5:34
  • Why is option 2 better? –  Kalib Zen Dec 30, 2020 at 5:24

I had similar symptoms, but a different configuration. The server runs Debian Wheezy with static IPv4 and IPv6 address configured.

At every boot, nginx failed to start:

Manually starting works fine and manual inspection also showed that the addresses and routes are set. Just setting the IPv6 address in interfaces (without the IPv4 address) worked. Removing the static IPv6 gateway also worked, but then a link-local gateway address is used. After further debugging, I found that the boot process would spit out:

It turns out that an IPv6 address and gateway is automatically assigned by the router when the interface is brought up. To avoid this behavior, set accept_ra 0 in the iface eth0 inet6 section. The inet6 section has also to be moved before the inet section or the default route will still point to the link-local address.

Lekensteyn's user avatar

On my Ubuntu 14.04 Hosts i just needed to move the IPv6 (inet6) entry BEFORE the IPv4 (inet) entry.

So this works:

pcdummy's user avatar

You must log in to answer this question.

Not the answer you're looking for browse other questions tagged ubuntu nginx ..

  • The Overflow Blog
  • Who owns this tool? You need a software component catalog
  • Down the rabbit hole in the Stack Exchange network
  • Featured on Meta
  • Upcoming privacy updates: removal of the Activity data section and Google...
  • Changing how community leadership works on Stack Exchange: a proposal and...

Hot Network Questions

  • Industrial applications of high gravity
  • Should I put functions in .bashrc, .bash_aliases or .profile
  • Would it be constitutional for a US state or the federal government to ban all homeopathic "medications"?
  • How save changed in all buffers (Embark export: consult-grep)?
  • As a private tutor, is it ethical to recommend the student take more classes?
  • Can an Eidetic Spellcaster benefit from the Geometer feature that allows one page per spell in the spellbook?
  • Why is Europe (Germany in particular) apparently paying so little for US troop presence/protection, compared to South Korea?
  • Conditional convergence of exponential sums related to a Hecke modular form
  • Why deplane all passengers and not the troublemaker?
  • Help with the Minkowski space-time metric
  • Why don't we just unshift the IR photos from Webb?
  • If X causes Y, where does Y gain its properties from? Are they transferred over from the cause X?
  • Kuratowski's 14 theorem and universal algebra
  • Book set in a New Zealand or Australian future society where the rich and poor live separately. Includes a character named Billy, short for Billy Goat
  • Is there global law that governs Denaturalization to stateless status for children?
  • Floating point numbers... dar nu-mă, nu-mă iei!
  • Pasta Bar for 250 people
  • Materials with low band gap and low conductivity simultaneously. Is it possible?
  • Why explicitly and inexplicitly declarated nodes produce edges with different length?
  • extremely slow leak in tire
  • Recursive macros revisited
  • How do I interpret low subgroup interaction and high efficacy in only one group?
  • How to answer vague "tell me about x" questions from recruiter
  • Could black holes be used to warp a laser transmission back to the point of origin?

bind cannot assign requested address ubuntu

mattgadient.com

Fixing “cannot assign requested address” for nginx + ipv6 on ubuntu 18.04.

Okay, so before we get started, I’m going to assume the following:

  • You’re using a host that gives you IPv6 addresses and you do have IPv6 enabled on their end.
  • You are on Ubuntu 18.04 or later (technically at least 17.10 for this)
  • You put an IPv6 address (ie X:X:X:1:2:3:4) as a listen directive in an nginx server block. Example:  listen [XX:XX:XXXX:XX:1:2:3:4]:443 ssl http2;
  • You’re certain the nginx config itself is fine.

Ubuntu 18.04 - Cannot assign requested address in nginx over IPv6

I hit the “cannot assign requested address” in 2 circumstances. First, nginx wouldn’t start at all because it wouldn’t bind. Once that was fixed, the second issue was  it would bind except when the server restarted though it worked when the server was manually restarted.

I’ve run into these in years past, but things changed between Ubuntu 16.04 and 18.04. Beginning in 17.10, Ubuntu changed from ifupdown to netplan which made the process a little different.

In any case, here’s how I fixed each:

NGINX not starting at all when there is an ipv6 listen directive

If you take a look at your /etc/network/interfaces file, you’ll probably find it empty except for a message mentioning that “ifupdown has been replaced by netplan(5) on this system” .

The new configuration is in /etc/netplan/10-ens3.yaml . Edit it and you’ll see something like this:

Netplan default file

You’ll have to add the IPv6 address here, so it looks like this:

Netplan file modified for IPv6

…essentially,  addresses: ['1234:5678:9abc:def0:1:2:3:4/64'] was added. Note the indentation and that you need the prefix (/64). There are prefix calculators on the web if you’re not sure. This was all I needed in my case. However if you have a few to add, they go in the same block but are comma-separated. You should be able to add IPv4 addresses here too, so    addresses: ['x:x:x:x:1:2:3:4/64', 'x:x:x:x:4:3:2:1/64', 1.2.3.4/24] would be an example of that.

Once you’re all set, you need to run the following:

…if there was an issue, the first line will usually spit out the problem. If everything went well, try:

Hopefully nginx starts up now!

If you run into other hiccups or if your server was configured a little differently and the above doesn’t quite work, Ubuntu does have a little more on their blog at https://blog.ubuntu.com/2017/12/01/ubuntu-bionic-netplan . Another site with some configuration examples can be found at  https://websiteforstudents.com/configuring-static-ips-ubuntu-17-10-servers/ .

Issue #2: nginx now works if manually started, but has the “bind / requested address” error when the server is rebooted

You won’t know if you have this issue until you reboot and try a service nginx status  to see the error, followed by a service nginx start to verify it does work when manually started.

Whether you hit this issue is probably going to depend on the way your host has the network set up. IPv4 tends to come up fast in the networking process, but IPv6 can potentially take awhile. If nginx starts before the IPv6 address is up… well… nginx doesn’t start.

To fix the issue, we want to make nginx wait not just for the “network-online” signal before it starts. This takes place after the normal “network” signal. To do this:

  • Edit the /lib/systemd/system/nginx.service file.
  • Find the line that says After=network.target and change it to After=network-online.target
  • Save the file
  • Run systemctl disable nginx.service  followed by systemctl enable nginx.service

The file will look something like this after the modification:

nginx.service file for Ubuntu 18.04

That should be it! Restart your machine and make sure nginx is running!

Ad-free Sunday

No bulky ads today: instead, a couple YouTube links to churches who have Sunday services online.

Church of the Rock (Mark Hughes) - https://www.youtube.com/channel/UCVQxQBeMwzh2GffoWoBRjeg Springs Church (Leon Fontaine) - https://www.youtube.com/channel/UCM1LviWWBwbApUAQTLkXsKA

1 Comment |  Leave a Comment

  • Simon Hampel on November 24, 2018 - click here to reply Thanks - this is exactly the problem I just came across having moved from 16.04 to 18.04 and Netplan. Your solution fixed the problem - much appreciated.

Leave a Comment Cancel reply

You can use an alias and fake email. However, if you choose to use a real email, "gravatars" are supported. You can check the privacy policy for more details.

JavaScript must be enabled to comment!

Matt Oswalt

  • Programming
  • Sponsor Me!

Loading search index…

No recent searches

No results for " Query here "

  • to navigate

Search by FlexSearch

Non-Local Address Binds in Linux

February 24, 2022 in  Systems 21 minutes

I came across some interesting sockets-related behavior this week that caused me to go down a bit of a rabbit hole. This ended up taking me on a tour of Linux’s socket and IPv4/IPv6 implementation. I thought the journey was instructive, and I hope that my attempt to recount the steps I went through is useful to you.

Working with sockets on Linux is typically done with a handful of syscalls. The first and most obvious one, socket() creates the socket, then bind() is used to assign an address to it (the kind of address depends on the address family specified when creating the socket).

At this point, you can use either connect() or listen() to connect to an existing listener, or listen passively for incoming connections, respectively. However, for the scope of this post, we’ll focus just on the first few steps, up through bind() . It’s important to note that this bind() operation takes place before either, which means that this is the method by which you choose which address is used as the local address to which this socket binds. When you send traffic to the other side of the socket, either as a client or server, this will be your source address in those packets.

In most programming languages, this is quite easy to do (especially systems-focused ones), as a large number have basic socket primitives built into the standard library. Python, as an example, has a sockets module in its standard library, and creating and binding to a socket are both one-liners:

We’ll stick with IPv4 for the first few examples, but we’ll be covering IPv6 in this post as well.

We specified 0.0.0.0 as the address, which tells the OS to listen on all IP addresses currently configured on the system . This can be useful, as when you’re writing software you often don’t know (and don’t want to) the actual IP address of the server where that software is going to run - you just know you want to grab whatever address is available.

We can inspect the actual syscalls being made using strace :

However, there are use cases where being more explicit about which address a given socket binds to is necessary. Imagine that there’s some software on your machine that should only accept connections from other software running on the same machine. In this case, you would probably want to bind only to addresses in 127.0.0.0/8 , as this is the dedicated range for this kind of traffic ( systemd-resolved works this way , as an example). This is also useful in situations where a machine has multiple network connections - you can bind only to an address in a particular subnet. This is common on firewalls where a webserver running an administrative application is only available on the “inside” connection.

These are all fairly common reasons why you might explicitly specify an address during bind() , but ultimately all of these methods involve using an address that already “belongs” to the system, meaning it’s either built-in (as is the case with 127.0.0.0/8 ) or it is configured on a network interface.

Observing Non-Local Binds from Userspace

However, some use cases exist where you might want to bind to an address that’s not configured on any network interface at all. One of the canonical examples is when you want the return traffic for a given connection to pass through a load balancer, and leave it up to the load balancer to determine where to ultimately deliver the traffic.

There are a few ways you can do this in Linux, but we’ll look at two. The first is through a socket option called IP_FREEBIND (described in Linux’s IPv4 protocol documentation ). Socket options are per-socket configuration settings that you can specify after initially creating the socket. This is done through the setsockopt() syscall. Linux uses an integer value of 15 for the IP_FREEBIND option, so that’s what we need to pass in to setsockopt() , while also specifying a value of 1 , indicating this option should be enabled. Python also makes this easy:

This will work, despite the fact that 192.168.123.123 is not actually configured on any of our system’s network interfaces.

Another other way to accomplish this in Linux (which as we’ll soon see only works for IPv4) is through a feature called Any-IP . This is a fancy term for adding an entry to the local routing table, indicating that any traffic received on a given prefix should be handled by the local machine on the specified interface, as if every address in that prefix was individually configured on that interface. This can be very useful if you want to potentially bind to a huge number of addresses - rather than configuring each one individually on an interface, you can just add a single routing entry that summarizes them:

With TCPv4 sockets we don’t even need the IP_FREEBIND option. As long as the address we’re binding to exists in an Any-IP route, this will work just fine.

So, to summarize, in order to bind to an IPv4 address that is not configured on an interface, you must either specify the IP_FREEBIND socket option, or bind to an address that’s part of an Any-IP route.

In addition to the two methods we’ve just explored, there are two other mechanisms in Linux that, when enabled, also allow a socket to bind to an address that is non-local (not configured anywhere on the machine). The sysctl option net.ipv4.ip_nonlocal_bind (and the IPv6 equivalent net.ipv6.ip_nonlocal_bind ) - this is a system-wide setting, so it affects all sockets. Naturally, elevated privileges are required to set this option. The IP_TRANSPARENT socket option. This used for transparent proxying, and while, like IP_FREEBIND , it is a per-socket option, it however requires root privileges or the CAP_NET_ADMIN capability to enable. It also requires additional iptables rules as part of the transparent proxy configuration. While both of these options incidentally enable non-local binds, they are designed for different purposes and/or come with drawbacks we don’t want to deal with for this example. So while we’ll see references to these options > in our exploration, just know that they’re out of scope for this post.

Now, it’s time to see how this is done in IPv6. Let’s take the Any-IP approach, by first creating a local route for a prefix that doesn’t match any IPv6 address configured on our system:

This should allow us to simply create the socket and bind to any address in that prefix:

However, this fails with OSError: [Errno 99] Cannot assign requested address . We can see with strace that bind() is returning an EADDRNOTAVAIL :

Linux’s IPv6 protocol documentation doesn’t contain an IP_FREEBIND option like the IPv4 version does, but it does say “The IPv6 API aims to be mostly compatible with the IPv4 API (see ip(7)). Only differences are described in this man page”. Because of this, I tried setting the IP_FREEBIND option on the socket:

This worked, so this means that the IP_FREEBIND socket option is IP version agnostic. However, I was intrigued, because with IPv4, the presence of an Any-IP route meant that IP_FREEBIND was not needed. Clearly in IPv6, it still is for some reason.

Next, I wanted to test the reverse case: IP_FREEBIND set, but without a matching Any-IP route:

Despite the lack of an Any-IP prefix, the previous example will still work .

So, it seems that while IPv4 sockets require either an Any-IP route, or IP_FREEBIND , IPv6 is a bit more strict; regardless of whether or not an Any-IP prefix matches the address you want to bind to, you always need to use the IP_FREEBIND option to bind to an address that’s not actually configured on an interface.

I’ve found a few other posts ( [1] , [2] ) that seem to confirm that this difference in behavior is real, so I felt better that what I was observing wasn’t due to some error on my part, but there were still some unanswered questions rattling around in my head:

  • Is it possible I’m still doing something wrong? After all, this is really the first time I’ve played around with binding sockets to nonlocal addresses on Linux.
  • Assuming I’m not doing anything wrong, why does the IPv6 implementation differ for some reason? Is there some kind of other corner case I’m not thinking of, or some other mechanism for implicitly allowing nonlocal binds that I haven’t found?

I spent a good chunk of time Googling, but there were few results that even acknowledged this difference, nevermind explained why it was the case. Soon, I realized that the fastest way for me to get my answers is to just go straight to the source - the kernel source code itself.

IPv4 Non-Local Binds in the Kernel

I am running a fairly recent kernel (5.10) and as a result, all examples provided are from that version. Ideally not much has changed since then as of the time of this writing, but if you’re looking at a different version, YMMV.

Since the error in question occurs when we try to bind our existing socket to an address, I figured the best place to start was looking at the implementation for the bind() syscall. This can be found in the __sys_bind() function in net/socket.c :

As we know from the syscall documentation, the first parameter passed to bind() is the file descriptor where our socket was created. Naturally, this is the first parameter to __sys_bind() . This is then passed to sockfd_lookup_light() to get the socket details, including the protocol-specific implementations (remember we specified AF_INET or AF_INET6 when creating sockets?). The important step for our purposes is the call to sock->ops->bind() , which invokes the bind implementation for the protocol used by this socket.

This blog post is really great, and goes into way more detail on the process of getting to the appropriate bind implementation.

The IPv4 implementation in Linux can be found in net/ipv4/af_inet.c . Within, inet_bind() is called by the previous example when AF_NET family is used. This ultimately calls __inet_bind() , where the real work is done.

You won’t scroll far before you see a large conditional that looks promising:

This evaluates a few conditions to determine the suitability of the address that we wish to bind to. First, the address is passed to inet_can_nonlocal_bind :

This function checks to see if any of the three options that would allow for a nonlocal bind are present, including IP_FREEBIND , and if so, returns true .

inet_addr_valid_or_nonlocal was added in later kernel versions to further cut down on repeated code, so if you’re looking at more recent kernel versions, you may only see a call to this function. It wraps both the conditions in inet_can_nonlocal_bind as well as the address types of addr->sin_addr.s_addr and chk_addr_ret all in one place.

Since we know that enabling IP_FREEBIND on a socket will cause this function to return true, we also know that the conditional above in __inet_bind() will immediately pass, since it will only raise an error if all of the parameters for the conditional return false .

However, let’s assume we haven’t configured IP_FREEBIND . What other conditions could be true in our case that would enable this to still bind successfully?

The second interesting conditional from the check in __inet_bind() is:

This looks interesting becuase the suffix LOCAL seems to imply that this address was checked for membership in the local routing table, which we know to be the mechanism by which Any-IP works. However, this is just a theory based on nothing more than the name of a referenced constant, so let’s figure out where chk_addr_ret comes from.

This value is retrieved a few lines above in __inet_bind() :

This is exported as inet_addr_type_table() in net/ipv4/fib_frontend.c but ultimately implemented via the __inet_dev_addr_type() function just above .

Broadcast and multicast are easy to identify at the bit level, so those are checked immediately and returned when detected. Provided the address isn’t one of those, it looks like a FIB lookup is performed to further identify the type for this address. We can also tell from the function signature that it returns an unsigned int . So, in the condition chk_addr_ret != RTN_LOCAL back in __inet_bind() , the integer value from inet_addr_type_table() must match whatever value is assigned to RTN_LOCAL . But what is that value?

RTN_LOCAL is actually defined as an item within an enum within include/uapi/linux/rtnetlink.h :

Since no values are being explicitly set here, each of these items are assigned the corresponding 0-based index (this is how enums work in C). This means that RTN_LOCAL would have the value of 2, RTN_BROADCAST is 3, and so on. The comment Accept locally seems to further indicate that this value represents an address found in the local routing table, but it would still be nice to confirm this somehow. Ultimately what we’re looking for is the exact integer value returned by the inet_addr_type_table() function.

We could continue to dive into the kernel source code, and figure out how the internals of the FIB work, and probably get to a reasonable conclusion, but this would take considerably more time. And it turns out, we don’t have to! We can use eBPF to inspect the parameters and return value of inet_addr_type_table() on a live, running system.

bpftrace makes it really easy to create simple tracing programs on Linux that are powered by eBPF. We can attach to a kprobe for the inet_addr_type_table function, to print the address being checked whenever the function is invoked. Of course, we also want to attach to a kretprobe to print the return value from this function as well.

We will pass this file to bpftrace , and once we see the message Attaching 2 probes... , we can open a few sockets in a separate process. Here’s the output from bpftrace when we bind to a few different addresses:

  • 0.0.0.0 didn’t even need to be checked against the routing table; this was returned immediately as RTN_BROADCAST , which corresponds to a value of 3, and this matches what we’re seeing in the bpftrace output.
  • 10.12.0.1 is another host on our network, so this returns 1, which is RTN_UNICAST . The same applies for 192.168.1.123 , which matches the default route, so this traffic will be unicasted to the default gateway.
  • Finally, 192.168.123.123 matches the local route we added earlier, and as expected, returns a value of 2, which corresponds with RTN_LOCAL . For good measure, I tested 127.0.0.1 which obviously matches a local route, and this also returns 2.

So where does this get us? Well, if we zoom all the way back to the conditions in __inet_bind() that could result in the return of EADDRNOTAVAIL , the one we’ve been trying to figure out thus far tries to see if chk_addr_ret != RTN_LOCAL . We know now that this will evaluate to false , since in the case of our local address, chk_addr_ret will equal 2, which the value of RTN_LOCAL .

This means, that if one of the nonlocal bind options are set, like IP_FREEBIND , or the address matches a local route, the bind can proceed to the next step. This confirms the behavior we observed in userspace, but more importantly, we know how the kernel is making the decisions it makes. Now, it’s time to take this knowledge over to the IPv6 implementation, and compare.

IPv6 Non-Local Binds in the Kernel

We’ve seen from playing around with sockets in userspace that IPv6 is more strict than IPv4 when it comes to non-local binds, requiring an option like IP_FREEBIND to be enabled, and that the address being bound matches an Any-IP route. However, can we verify this by looking at the kernel-side implementation in the same way we’ve verified this for IPv4?

net/ipv6/af_inet6.c contains the Linux IPv6 implementation, so this is a good place to start. Searching for nonlocal_bind here actually shows a promising result; we see a conditional that looks very similar to that found in the IPv4 implementation. However, this is a red herring; if you scroll up, you’ll notice this only applies to v4-mapped IPv6 addresses , which is not what we’re working with here.

Scrolling down a little further, we see something a bit more familar:

This conditional seems to be simpler at first glance, but we’ll have to look at the two functions that are called in order to know for sure. First, we can look at ipv6_can_nonlocal_bind() :

This looks remarkably similar to the function inet_can_nonlocal_bind we saw back in the IPv4 implementation. In short, this is checking for the three options that would permit nonlocal binds to take place with IPv6 addresses: the net.ipv6.ip_nonlocal_bind sysctl option, and the two socket options IP_FREEBIND , and IP_TRANSPARENT . If any of these are enabled, this function returns true . Because this function is called within a logical AND ( && ), the second half of the conditional, calling ipv6_chk_addr , wouldn’t even execute.

We know that neither net.ipv6.ip_nonlocal_bind or IP_TRANSPARENT are set, so the presence of IP_FREEBIND is clearly what’s allowing the bind to move past this potential EADDRNOTAVAIL return. However, let’s take a look at what would happen if we didn’t set this option, which would result in a false result, and cause ipv6_chk_addr() to be called. Given that this is the second of only two conditions to be checked, this function must return a true result, or our bind will fail. So what does ipv6_chk_addr() do?

ipv6_chk_addr() is just a passthrough , for another function ipv6_chk_addr_and_flags() , passing along its own parameters and a few others. This function in turn does much the same thing to __ipv6_chk_addr_and_flags() , which is where the decision is ultimately made.

The first important thing to keep in mind is that both ipv6_chk_addr() and ipv6_chk_addr_and_flags() have an int return type, and will return 0 to indicate false , and 1 to indicate true . However, __ipv6_chk_addr_and_flags() will return a pointer to a struct net_device . This can can of course be either a NULL or non- NULL value, and you’ll notice the ternary operator translates these to int values 0 and 1, respectively before returning the result.

Within __ipv6_chk_addr_and_flags , you’ll notice the use of hlist_for_each_entry_rcu - this is a macro used for iterating over an RCU list , and in this case is iterating over inet6_addr_lst , which is a hash table of all configured IPv6 addresses on the system.

From here it gets a bit more straightforward - the conditional at the bottom of the loop first compares the address being passed in to this function against the current iteration through inet6_addr_lst . If none of these match, the iteration ends, and the final statement returns a NULL. Following this back up the chain, this will cause ipv6_chk_addr_and_flags() to return a 0, which will cause ipv6_chk_addr() to return a 0, which will be interpreted as a false by the conditional back in the main IPv6 implementation. When this happens, an EADDRNOTAVAIL is returned, and the bind fails.

This is our smoking gun - if the address we’re attempting to bind to isn’t configured on the system, one of the three options that explicitly permit this must be enabled, otherwise, it will fail. No FIB lookup, no implicit Any-IP tie-in.

Just because I like to be exhaustive, we can verify all of this again using bpftrace :

The kprobe here will let us know when __ipv6_chk_addr_and_flags() is called, and will print the address being checked. The kretprobe will let us know what value it returns. As expected, neither of these trigger when we’re binding using IP_FREEBIND , since this is enough to get our conditional in __inet6_bind() to exit early. However, when we omit that socket option, and use a nonlocal IPv6 address, we see a return value of 0:

Of course, one potential source of confusion (at least it was for me) was that Any-IP is totally supported for IPv6 (it was originally added back in 2010 ). This is great news, because Any-IP is even more useful in IPv6; you can treat an absurdly large number of addresses as “local”, with a single routing entry. So don’t be misled into believing that somehow this feature is missing.

The difference here is that unlike IPv4, the FIB is not consulted when binding an IPv6 address to a socket, full-stop. If you want to bind to a non-local address, you must use something like IP_FREEBIND .

At this point I feel it’s obvious I’ve kicked this dead horse quite a bit. I have a pretty firm grasp on the code, and I understand the conditions and logic that leads to the behavior I’m seeing. However, there’s still one question lingering in my mind:

To be honest…..I am not really sure. And to be clear, I wouldn’t consider this a huge problem necessarily, just a slight irritation. It seems that most people I’ve talked to about this have been bit by it in the past, and have just learned to always pass an option like IP_FREEBIND when doing non-local address binds.

Most of the reason I dug into this as far as I did was in case there’s a more concrete reason that IPv6 binds don’t do a FIB lookup - a corner case I haven’t considered, that might bite me as I use this feature in production. To date I haven’t found one yet (though I did ask in the netdev mailing list , and if I get a response I’ll be sure to update this section).

The best answer I’ve gotten thus far is that this wasn’t exactly intentionally left out, more likely a byproduct of the fact that the IPv6 implementation was developed separately, and different decisions were made. Could be as simple as that. IPv6 is its own protocol, with its own set of considerations and decisions to be made, rather than a simple extension of IPv4. So I’d buy this reason. However, if anyone knows of any other reasons I haven’t covered, I’d love to know, both for my own curiosity as well as awareness of corner cases I’ve not considered. Please comment below if you have any information here.

IMAGES

  1. Ubuntu: Unable to bind socket: Cannot assign requested address issue on ubuntu

    bind cannot assign requested address ubuntu

  2. Install BIND 9 on Ubuntu and Configure It for Usage

    bind cannot assign requested address ubuntu

  3. Linux网络编程,bind:error:Cannot assign requested address,Ubuntu网络桥接_ubuntu

    bind cannot assign requested address ubuntu

  4. Bind: Cannot Assign Requested Address

    bind cannot assign requested address ubuntu

  5. DevOps & SysAdmins: bind: cannot assign requested address (2 Solutions

    bind cannot assign requested address ubuntu

  6. Linux网络编程,bind:error:Cannot assign requested address,Ubuntu网络桥接_ubuntu

    bind cannot assign requested address ubuntu

VIDEO

  1. Ubuntu Login loop problem solved

  2. UBUNTU FIX: Clearsigned file isn't valid, got 'NOSPLIT'

  3. UBUNTU FIX: E: Problem with MergeList /var/lib/apt/lists/

  4. UBUNTU FIX: error while loading shared libraries: libpng12.so.0

  5. 18

  6. UBUNTU FIX: Cannot install proprietary drivers

COMMENTS

  1. unable to bind socket: Cannot assign requested address issue on ubuntu

    1 Answer Sorted by: 2 This happens while installing apt-get install dnsproxy package the configuration file /etc/dnsproxy.conf search "# listen 192.168.168.1" and comment the line or give your system ip address "listen XX.XX.XX.XX" Then run apt-get install -f every thing should be fine. May be this BUG ;-) Share Improve this answer Follow

  2. How to fix 'Cannot assign requested address?'

    void CSocket::Bind (IpEndPoint& endPoint) { int bindResult = bind ( socketHandle, endPoint.GetSockAddrPtr (), endPoint.GetAddrLength ()); if (bindResult < 0) { TRACE_ERROR ("Failed to bind to socket. %s.

  3. ssh tunnel

    43 Trying to create a socks (-D) ssh tunnel - Linux box to Linux box (both centos): sshd running on remote side ok. From local machine we do / see this: ssh -D 1080 [email protected]. [email protected]'s password: bind: Cannot assign requested address (where 8.8.8.8 is really my server's IP and 'user' is my real username)

  4. SSH tunnel throws an error: bind [ip]:801: Cannot assign requested

    2 Answers Sorted by: 1 For local forwarding, you need to use -g on the command line, or enable GatewayPorts to yes (default no, disabled) in .ssh/config or /etc/ssh_config to allow listening on non-localhost address:

  5. networking

    Sorted by: 1. This is rumored to be a known issue with the AWS AMI of ubuntu 14.04 (~May 2017). The fix is to restart until you get lucky or manually assign the IP address via something like: ifup lo; ip addr add 127.0.0.1/8 dev lo when it happens. Share.

  6. bind: cannot assign requested address

    7 In many cases, binding to 0.0.0.0 is the best course of action unless you have a specific reason to bind only to a specific address. But I assume that what you're doing isn't working, because you're trying to bind to the instance's public IP address, which you'll find (via ifconfig) your IP stack isn't aware of.

  7. Error: listen tcp x.x.x.x:443: bind: cannot assign requested address

    listen tcp {server's public ip}:80: bind: cannot assign requested address to both 80 and 443 ports. Domain is public and properly configured, pointing out to my VPS. I haven't tried using caddy or setting up loopback to public IP, just wanted to mention that it happens not only on Raspberry.

  8. ssh port forwarding: bind cannot assign requested address

    Beans 203 Distro Ubuntu 12.04 Precise Pangolin ssh port forwarding: bind cannot assign requested address Hi all I have a problem I don't understand while trying to port forward over ssh. I wish to remote desktop to a Windows machine at work from my home Linux box. I can do this through an ssh gateway using: Code:

  9. [Solved] redis bind cannot assign requested address

    Ensure that the network settings are configured correctly, and the IP address assigned to the machine is valid and accessible from outside the machine if using a virtual machine or cloud instance. Use a different IP address and port combination for Redis, updating the configuration file accordingly.

  10. How to fix error: "bind: Cannot assign requested address"

    Quote: Check the /etc/hosts file and make sure that the nodes all have a. single definition and you don't have lines like. 127.0.0.1 localhost normnode3. and that normnode3 has the same address both on the master and on the. node. You can try. ping normnode3.

  11. networking

    1 Answer Sorted by: 44 This might not fix your issue but I had the same error on OSX after it working successfully before. Flushing the routing table helped: sudo ifconfig en0 down # take the networking interface down sudo route flush # flush the route table sudo ifconfig en0 up # take the interface back online

  12. Linux网络编程,bind:error:Cannot assign requested address,Ubuntu网络桥接_ubuntu

    一:问题:刚开始学习Linux网络编程,第一次使用bind函数出现Cannot assign requested address,错误。 在网上找了很多帖子但是都没有解决。 二: 问题一:也就是网上大部分说的:客户端频繁的连服务器,由于每次连接都在很短的时间内结束,导致很多的TIME_WAIT,以至于用光了可用的端 口号,所以新的连接没办法绑定端口,即"Cannot assign requested address"。 是客户端的问题不是服务器端的问题。 方法一:通过netstat -nap查看当前的状态,的确看到很多TIME_WAIT状态的连接。 可以通过pid 用命令 kill -9 pid,杀死处于TIME_WAIT状态的进程。

  13. ubuntu

    Cannot assign requested address? - Server Fault Nginx failed to start. Cannot assign requested address? Ask Question Asked 11 years, 5 months ago Modified 3 years, 2 months ago Viewed 12k times 3 When I reboot my server (not nginx, the whole server), Nginx fails to start automatically.

  14. Fixing "Cannot assign requested address" for NGINX + IPv6 on Ubuntu 18

    I hit the "cannot assign requested address" in 2 circumstances. First, nginx wouldn't start at all because it wouldn't bind. Once that was fixed, the second issue was it would bind except when the server restarted though it worked when the server was manually restarted.

  15. networking

    Method #1 - using nc. The releasing of the port 8140 takes some time to occur. You'll either need to wait until it's been fully released (putting some sleeps in between would be 1 easy way) or by using a different port. If you just want to see if the port @ host is open or not you could just drop the -p 8140.

  16. I got error in run time that "Cannot assign requested address" in C

    If the error is happening on the bind (it's not that obvious based on your question content since the error message you state does not appear in the code), it's likely to be because the address is not available. That's usually because it's already in use, or not available on the current host.

  17. Non-Local Address Binds in Linux

    In addition to the two methods we've just explored, there are two other mechanisms in Linux that, when enabled, also allow a socket to bind to an address that is non-local (not configured anywhere on the machine). The sysctl option net.ipv4.ip_nonlocal_bind (and the IPv6 equivalent net.ipv6.ip_nonlocal_bind) - this is a system-wide setting ...