Letting memcached only listen on localhost on CentOS/RHEL

Mattias Geniar, Saturday, February 18, 2012

Since memcached doesn't have authentication (yet), it's advised to make the ports of the service public only to those systems that need to access it. That means firewalling the default port 11211. But if you're only running memcached on a local machine which needs local access, you can also make memcached only listen on the local 127.0.0.1 IP. Doing so, remote access is not possible.

First, install memcached.

~# yum install memcached
~# chkconfig memcached on

After the installation, the default config file looks like this.

~# cat /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS=""

If you start memcached now, it would listen to all available interfaces.

~# netstat -an | grep ":11211"
tcp        0      0 0.0.0.0:11211               0.0.0.0:*                   LISTEN
udp        0      0 0.0.0.0:11211               0.0.0.0:*

To prevent that, change the last line with the OPTIONS variable to this (that's lower case L in the options).

~# cat /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1"

And start memcached.

~# /etc/init.d/memcached start
Starting memcached:                                        [  OK  ]

If you now check your ports, you'll notice it only listens on localhost (127.0.0.1).

~# netstat -an | grep ":11211"
tcp        0      0 127.0.0.1:11211             0.0.0.0:*                   LISTEN
udp        0      0 127.0.0.1:11211             0.0.0.0:*


Hi! My name is Mattias Geniar. I'm a Support Manager at Nucleus Hosting in Belgium, a general web geek, public speaker and podcaster. Currently working on DNS Spy. Follow me on Twitter as @mattiasgeniar.

I respect your privacy and you won't get spam. Ever.
Just a weekly newsletter about Linux and open source.

SysCast podcast

In the SysCast podcast I talk about Linux & open source projects, interview sysadmins or developers and discuss web-related technologies. A show by and for geeks!

cron.weekly newsletter

A weekly newsletter - delivered every Sunday - for Linux sysadmins and open source users. It helps keeps you informed about open source projects, Linux guides & tutorials and the latest news.

Share this post

Did you like this post? Will you help me share it on social media? Thanks!

Leave a Reply

Your email address will not be published. Required fields are marked *