TCP Nonlocal Bind Linux Kernel Setting

How to display and modify the Nonlocal Bind kernel setting on Linux

This setting allows applications to bind to IP addresses that are not assigned to a network interface on the host (hence nonlocal). This may be required when using VRRP with Keepalived in conjunction with HAProxy, for instance. If it is not enabled, HAProxy cannot bind to a VRRP address unless the local host is the VRRP master for it.

You can check the current setting like so:

$ sysctl net.ipv4.ip_nonlocal_bind
net.ipv4.ip_nonlocal_bind = 0

Dynamic Configuration

To change the running configuration, run this command as root with your desired value (1 to enable, 0 to disable):

$ sysctl -w net.ipv4.ip_nonlocal_bind=1

You can confirm like so:

$ sysctl net.ipv4.ip_nonlocal_bind

Permanent Configuration

To make this setting persistent across reboots, edit the /etc/sysctl.conf file, add the line below with your desired value (1 to enable, 0 to disable), then save and quit:

$ vi /etc/sysctl.conf

net.ipv4.ip_nonlocal_bind = 1

:wq

You can then reboot to check that the setting persists, or alternatively run this command to load the file immediately:

$ sysctl -p /etc/sysctl.conf

Note: sysctl -p reads /etc/sysctl.conf by default, so the file doesn’t need to be specified, but I’ve left it there for the sake of clarity and to make it clear that some other file can be specified.

Confirm with this:

$ sysctl net.ipv4.ip_nonlocal_bind
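
One way to check that the running value and the value persisted in /etc/sysctl.conf agree, so that an enabled nonlocal bind is neither lost at reboot nor left on unintentionally. This is an added example, not from the original page: the function names are hypothetical, only the one file given is checked (files under /etc/sysctl.d are not read), and an unset key is assumed to mean the kernel default of 0.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the original page.
KEY=net.ipv4.ip_nonlocal_bind

# Print the value a sysctl.conf-style file assigns to $KEY (last one wins).
persisted_value() {
    awk -v key="$KEY" '
        /^[ \t]*[#;]/ { next }          # comment lines
        /^[ \t]*$/    { next }          # blank lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            val  = substr($0, eq + 1)
            gsub(/[ \t]/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            sub(/^-/, "", name)         # "-key" means: ignore set errors
            gsub("/", ".", name)        # net/ipv4/... is also accepted
            if (name == key) found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# Print the running value; $1 overrides the /proc path (used for testing).
running_value() {
    cat "${1:-/proc/sys/net/ipv4/ip_nonlocal_bind}" 2>/dev/null
}

# $1 = config file, $2 = optional runtime path. Returns 0 when consistent,
# 1 on drift, 2 when the running value cannot be read.
check_nonlocal_bind() {
    want=$(persisted_value "$1")
    have=$(running_value "$2")
    [ -n "$have" ] || { echo "unknown: cannot read running value"; return 2; }
    # Assumption: if the file does not set the key, the kernel default 0 applies.
    [ -n "$want" ] || want=0
    if [ "$want" = "$have" ]; then
        echo "consistent ($have)"
    else
        echo "drift: running=$have persisted=$want"
        return 1
    fi
}

# Run only when a config file is given, e.g.: sh check.sh /etc/sysctl.conf
if [ "$#" -gt 0 ]; then check_nonlocal_bind "$@"; fi
```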

IPv6

There is no equivalent option for IPv6 addresses unfortunately. A common workaround for this involves assigning the address(es) to the lo or a dummy interface.