[RndTbl] no routing entry for loopback
Dan Martin
ummar143 at cc.umanitoba.ca
Wed Nov 23 21:48:02 CST 2005
Thanks very much - you saved me much wasted time I would have spent
playing with the routing tables.

I imported my firewall from a Mandrake system using the 2.4 kernel. I
was using NAT to allow my private network machines access to the
internet. I had the same functionality in Fedora Core 4 - everything
worked except the loopback interface, in spite of having rules in the
"filter" chains to ACCEPT all traffic going in or out of the loopback
interface.

It appears that the 2.6 kernel under FC 4 was NATing packets to or from
the loopback interface, something that simply didn't occur in the older
system. I added rules at the beginning of the "nat" table to ACCEPT all
loopback interface traffic, and I am now able to ping the loopback and
get a reply.

Thanks for steering me in the right direction.

Gilles Detillieux wrote:
> Dan Martin wrote:
>
>> I have installed Fedora Core 4 on my firewall machine. My networked
>> machines can browse the web, but I cannot access the loopback device,
>> e.g., for SWAT configuration.
>>
>> ifconfig lo
>> shows the loopback interface to be UP and RUNNING at inet addr 127.0.0.1
>>
>> ping localhost
>> results in 100% packet loss
>>
>> The routing tables do not show a loopback entry, and if I try to add
>> one I get errors.
>>
>> Can anyone tell me what's going on?
>
>
> Not entirely, but here's a bit of info that might help. I just did a
> "netstat -r" on Red Hat 9, FC1, FC3 and FC4. On RH9 & FC1, "lo"
> appears in the routing table output by netstat, while on FC3 & 4 it
> doesn't. Maybe it's a 2.6 kernel thing, but for whatever reason it
> seems "lo" doesn't need to be in the routing table for FC3 & 4. I
> tried "ping localhost" on 2 different FC4 systems, though, as well as
> 1 FC3 system, and all worked fine. They all have a fairly default
> configuration of iptables on them, as set up by
> system-config-securitylevel.
>
> It might be worth a look at your own iptables configuration to see if
> something is amiss there, especially if you're running a non-standard
> (from a RH/Fedora perspective) setup.
>
--
-Dan
Dr. Dan Martin, MD, CCFP, BSc, BCSc (Hon)
GP Hospital Practitioner
Computer Science grad student
ummar143 at cc.umanitoba.ca
(204) 831-1746
answering machine always on
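
An added example, not part of the original message: a shell check over `iptables-save` output for the condition described above, an address-rewriting rule in the `nat` table that is not tied to a non-loopback interface and has no loopback ACCEPT ahead of it in the same chain. The rulesets are constructed samples (the poster's actual rules are not shown), the function name is hypothetical, and only interface matches are evaluated, so rules limited by address are still reported for manual review.

```shell
#!/bin/sh
# Constructed sample (iptables-save format): NAT rule with no interface match.
SAMPLE_BAD='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT'

# Constructed sample: loopback exempted at the start of the nat chain.
SAMPLE_FIXED='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o lo -j ACCEPT
-A POSTROUTING -j MASQUERADE
COMMIT'

# Reads an iptables-save dump on stdin; prints each nat-table rule that
# rewrites addresses, is not tied to a non-loopback interface, and is not
# preceded in its chain by a loopback ACCEPT.
audit_nat_loopback() {
    awk '
    /^\*/ { table = substr($0, 2); next }          # "*nat", "*filter", ...
    table != "nat" || $1 != "-A" { next }
    {
        chain = $2; skip = 0; lo = 0; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i != "-i" && $i != "-o") continue
            neg = ($(i - 1) == "!"); ifc = $(i + 1)
            if (ifc == "!") { neg = 1; ifc = $(i + 2) }   # older "-o ! eth0" form
            if ((neg && ifc == "lo") || (!neg && ifc != "lo")) skip = 1
            if (!neg && ifc == "lo") lo = 1
        }
        if (lo && target == "ACCEPT") { exempt[chain] = 1; next }
        if (!skip && !exempt[chain] && target ~ /^(SNAT|DNAT|MASQUERADE|REDIRECT)$/)
            print chain ": " $0
    }'
}

printf '%s\n' "$SAMPLE_BAD" | audit_nat_loopback     # reports the MASQUERADE rule
printf '%s\n' "$SAMPLE_FIXED" | audit_nat_loopback   # reports nothing
```

On a live system the same function can be fed the real ruleset with `iptables-save | audit_nat_loopback`, run as root.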