# Loopback IP Ranges By default, your StrongDM organization assigns each resource a port on the `127.0.0.1` IP address, which is the address and port that clients reach out to with traffic for that resource. These ports can be overridden and set to specific ports, as necessary. To learn more about how ports are assigned and overridden, see the [Port Overrides](https://docs.strongdm.com/admin/resources/port-overrides) section. {% hint style="info" %} This mode of operation is called "loopback", referring to the fact that traffic is sent out over a port and then redirected back to a local service on the machine. In this case, that service is StrongDM's listener service. {% endhint %} Should an organization require a large amount of resources, beyond the available ports on the default local address (around 60,000 unique ports), you may specify a larger loopback range to use for your organization. ### Effects of Expanding the Loopback Range Once the loopback range is expanded, when an organization creates a resource without providing a bind address or port, that resource has these values auto-assigned as always, but can automatically iterate through as many IP addresses as configured by this multi-loopback setting. Additionally, when resources are created, they can be directly assigned to IPs within the configured range, if desired. #### Service Installation for macOS Users When your organization is configured with a non-default loopback range, if a user on macOS attempts to access a resource that is accessible at a non-default loopback address, they receive a notification. In the Desktop App, they are then instructed to install the StrongDM System Service via a banner alert. This service requires administrator privileges to install. The installed service sets up aliases on the user device's operating system for whatever loopback addresses are configured as needed by a user. Users on Windows or Linux operating systems do not have this interaction, as those operating systems already bind all 127.\* addresses to the loopback interface. ### Configure Loopback Range To set a larger available range of addresses for your organization, you can use the Admin UI or the CLI to configure your loopback range. {% hint style="info" %} If the IP range is updated to be more restrictive than it was before, and now excludes IPs that are already assigned to resources, the administrator making the change is warned (whether in the Admin UI or the CLI) but allowed to bypass that warning. Those existing resources continue to work on their assigned IP (although it is outside of the designated range), but the IP must be changed to a valid, in-range IP the next time the resource configuration is updated. {% endhint %} #### Loopback Settings in the Admin UI In the Admin UI on the **Settings** > **Networking** page, in the **Loopback Settings** section. ![](https://4180056444-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FF7eka9SH5TT8nJm2ZfWj%2Fuploads%2Fgit-blob-65333c9feea0a33a474978e5c07d7ac290138d76%2Floopback-settings.png?alt=media) You can use the **Loopback IP Range or Subnet Mask** field to set ranges in terms of explicit start and end IPs (`127.0.0.5`-`127.0.0.10`) or in terms of a mask, between 32 and 24. #### Loopback Settings in the CLI You can use the `sdm admin organization update` command in the CLI to update the range of available addresses as well: ```sh sdm admin organization update --loopback-range ``` See the [sdm admin organization update](https://app.gitbook.com/s/4XOJmXFslCMVCzIG2rKp/cli/admin/organization/update "mention") for details. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.strongdm.com/admin/clients/client-networking/loopback-ip-ranges.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.