[RndTbl] no routing entry for loopback

Dan Martin ummar143 at cc.umanitoba.ca
Wed Nov 23 21:48:02 CST 2005


Thanks very much - you saved me much wasted time I would have spent 
playing with the routing tables.

I imported my firewall from a Mandrake system using the 2.4 kernel.  I 
was using NAT to allow my private network machines access to the 
internet.  I had the same functionality in Fedora Core 4 - everything 
worked except the loopback interface, in spite of having rules in the 
"filter" chains to ACCEPT all traffic going in or out of the loopback 
interface.

It appears that the 2.6 kernel under FC 4 was NATing packets to or from 
the loopback interface, something that simply didn't occur in the older 
system.  I added rules at the beginning of the "nat" table to ACCEPT all 
loopback interface traffic, and I am now able to ping the loopback and 
get a reply.

Thanks for steering me in the right direction.

Gilles Detillieux wrote:

> Dan Martin wrote:
>
>> I have installed Fedora Core 4 on my firewall machine.  My networked 
>> machines can browse the web, but I cannot access the loopback device, 
>> e.g., for SWAT configuration.
>>
>> ifconfig lo
>> shows the loopback interface to be UP and RUNNING at inet addr 127.0.0.1
>>
>> ping localhost
>> results in 100% packet loss
>>
>> The routing tables do not show a loopback entry, and if I try to add 
>> one I get errors.
>>
>> Can anyone tell me what's going on?
>
>
> Not entirely, but here's a bit of info that might help.  I just did a 
> "netstat -r" on Red Hat 9, FC1, FC3 and FC4.  On RH9 & FC1, "lo" 
> appears in the routing table output by netstat, while on FC3 & 4 it 
> doesn't. Maybe it's a 2.6 kernel thing, but for whatever reason it 
> seems "lo" doesn't need to be in the routing table for FC3 & 4.  I 
> tried "ping localhost" on 2 different FC4 systems, though, as well as 
> 1 FC3 system, and all worked fine.  They all have a fairly default 
> configuration of iptables on them, as set up by 
> system-config-securitylevel.
>
> It might be worth a look at your own iptables configuration to see if 
> something is amiss there, especially if you're running a non-standard 
> (from a RH/Fedora perspective) setup.
>
-- 

  -Dan

Dr. Dan Martin, MD, CCFP, BSc, BCSc (Hon)

GP Hospital Practitioner
Computer Science grad student
ummar143 at cc.umanitoba.ca
(204) 831-1746
answering machine always on
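
A check for the situation described in this thread, as an added example that is not part of the original messages: it scans `iptables-save` output for "nat" table rules that can still rewrite loopback traffic because no `lo` ACCEPT rule precedes them. The two rulesets, the function name `check_nat_loopback` and the assumption that the cause is a NAT rule without an interface match are constructed for illustration.

```shell
#!/bin/sh
# Constructed iptables-save dumps, not taken from the original post.
# BROKEN: ACCEPT for lo exists only in "filter"; the nat rule has no interface match.
BROKEN_RULES='*nat
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT'

# FIXED: loopback ACCEPT rules come first in the nat chains.
FIXED_RULES='*nat
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o lo -j ACCEPT
-A POSTROUTING -o lo -j ACCEPT
-A POSTROUTING -j MASQUERADE
COMMIT'

# Reads iptables-save text on stdin, prints each nat rule that can still
# rewrite loopback traffic, and returns 1 if any was found.
# Heuristic: only -i/-o matches are evaluated, so rules limited by -s/-d
# are reported conservatively.
check_nat_loopback() {
    awk '
    /^\*/     { table = substr($0, 2); next }
    /^COMMIT/ { table = ""; next }
    table != "nat" || $1 != "-A" { next }
    {
        chain = $2; target = ""; is_lo = 0; skips_lo = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i != "-i" && $i != "-o") continue
            neg = ($(i - 1) == "!")
            if ($(i + 1) == "lo") { if (neg) skips_lo = 1; else is_lo = 1 }
            else if (!neg) skips_lo = 1
        }
        # A bare "-i lo"/"-o lo" ACCEPT ends nat processing for loopback packets.
        if (is_lo && target == "ACCEPT" && NF == 6) { exempt[chain] = 1; next }
        if (target ~ /^(MASQUERADE|SNAT|DNAT|REDIRECT|NETMAP)$/ && !skips_lo && !exempt[chain]) {
            print chain ": " $0; bad++
        }
    }
    END { exit (bad > 0) }'
}

printf '%s\n' "$BROKEN_RULES" | check_nat_loopback || echo "nat rules above can match lo"
```

On a live firewall the same function can be fed with `iptables-save | check_nat_loopback`, which needs root.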


