no lo device and can't ping myself

alyoshak19 · 11-09-2007, 04:35 AM

Hello,

I have a networking problem which I was only made aware of when I switched to using KDE from Gnome (which worked fine). Evidently, when loading, KDE makes several queries to the loopback device (or something else). My KDE is taking about 10 minutes (not kidding) to load and top shows no significant activity during the whole boot-up time. Anyway, this leads me to believe that these queries are timing out (and have a long timer!).

I'm running Debian Lenny on a PIII 1GHz, 256 MB RAM, and I have a simple two-computer LAN (just a crossover cable) between this box and a WinXP laptop. I have a SpeedTouch 330 USB modem and I run the linux box as a firewall and file server (I use Samba). All this took some manual configuring, but it works, which is why I'm nervous to change much of anything. I'm pretty new at all of this.

Now, when I boot up and check ifconfig, I don't see lo listed. This is what I get (I've substituted *** for my external IP):

Code:

#ifconfig
eth0      Link encap:Ethernet  HWaddr 00:01:80:05:8D:3D
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::201:80ff:fe05:8d3d/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:3783 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4561 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1016475 (992.6 KiB)  TX bytes:3491665 (3.3 MiB)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:***.***.***.***  P-t-P:212.74.102.9  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:12411 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10652 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:10999460 (10.4 MiB)  TX bytes:2272037 (2.1 MiB)

Also, here's my /etc/hosts file and my iptables setup:

Code:

#cat /etc/hosts
127.0.0.1 localhost
192.168.1.1 LINUX server
192.168.1.2 WINXP

::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

#iptables -L
hain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp spt:domain dpts:1024:65535
ACCEPT     icmp --  anywhere             *****               icmp echo-reply state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             LINUX               icmp echo-reply state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     0    --  192.168.1.0/24       anywhere
LOG        0    --  anywhere             anywhere            LOG level warning prefix `Dropped In '
DROP       0    --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             WINXP               tcp spts:1024:65535 dpt:3724 state NEW
ACCEPT     tcp  --  anywhere             WINXP               tcp spts:1024:65535 dpt:6112 state NEW
ACCEPT     0    --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
LOG        0    --  anywhere             anywhere            LOG level warning prefix `Dropped Fwd '
DROP       0    --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp spts:1024:65535 dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED
ACCEPT     icmp --  *****                anywhere            icmp echo-request state NEW,RELATED,ESTABLISHED
ACCEPT     icmp --  LINUX                anywhere            icmp echo-request state NEW,RELATED,ESTABLISHED
ACCEPT     0    --  anywhere             192.168.1.0/24
LOG        0    --  anywhere             anywhere            LOG level warning prefix `Dropped Out '
DROP       0    --  anywhere             anywhere

I've tried to set it up so I can ping LINUX (either 192.168.1.1 OR 127.0.0.1) from itself, but that doesn't seem to work. I can ping WINXP from LINUX and vice-versa, and I can ping the outside world from both. Here's what happens:

Code:

$ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
$ping LINUX
PING LINUX (192.168.1.1) 56(84) bytes of data.
... (CTRL-C) ...
--- LINUX ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2010ms

Is this all related? I hope so. I really would like KDE to load much faster (I'd even take a 50% improvement!). Any help you can give would be greatly appreciated. TIA.

salasi · 11-10-2007, 02:44 AM

I'm not enough of an expert, but my feelings are:

Yes, its related. The loopback interface is used by the gui (I thought X used it, so I was expecting to see both KDE and Gnome be unacceptably slow) and if you can't ping yourself that is going to cause problems.

In order to get the firewall out of the equation, I'd disable it completely (flush the rules and set all policies to accept...in passing you do know that setting policies to accept and denying things that you don't want is regarded as less secure than setting policies to deny and accepting things that you do want?). This makes your machine very vulnerable (perhaps not a worry with ethernet-interfaced routers which can be set up to provide primitive firewalling, but with a USB interfaced one a real concern). So, for the purposes of this experiment, you pull out the cable connecting the modem to the internet.

Having stopped the firewall from blocking stuff, then I'd then have a look at pinging lo. I don't know why it doesn't show up in ifconfig; it should. is it possible that you've got something odd set up in nsswitch and you don't get the name resolved until some service (say DNS, which I guess you are not running) times out?

Here is a working /etc/hosts for 'hydrau'. I note, and this is the first time that I've really taken enough notice of this, that I have two lines for the local machine: 127.0.0.1 and 127.0.1.1 . (One of those things I've never taken much notice of because it has 'just worked'.)

Code:

cat /etc/hosts
127.0.0.1 localhost hydrau
127.0.1.1 hydrau

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

I note, looking at Harrison's Linux Quick Fix Notebook this passage:

Quote:

Usually the first entry in /etc/hosts defines the IP address of the server's virtual loopback interface. This is usually mapped to the name localhost.localdomain...by default, Fedora inserts the hostname of the server between the 127.0.0.1 and the localhost entries like this:

Code:

127.0.0.1    bigboy    localhost.localdomain    localhost

When the server is connected to the internet, this first entry after the 127.0.0.1 needs to be the fully qualified domain name of the server - for example bigboy.my-web-site.org (*)

Code:

127.0.01    bigboy.my-web-site.org    localhost.localdomain localhost

some programs such as sendmail are very sensitive to this and if they detect what they feel is an incorrect FQDN they will default to using the name localhost.localdomain when communicating with another server on the network. This can cause confusion, because the other server also feels it is localhost.localdomain.

* I've corrected what looks like a typo in the original text here; harrison's book has bigboy.mysite.com on the intro line and bigboy.my-web-site.org in the actual line of code

(so it is possible that when the gui does something with lo, you are actually waiting for another machine on the network to resolve that for you....a bad idea, even if it did work!)

Once you've got it working in the stripped down state, put the firewall back in (before you allow the big bad internet back at you). You may need something like this (again, orig derived from Harrison, but with whatever mods may have seemed appropriate at the time...note though that I've never used a USB modem as opposed to an ethernet router, so I'm only guessing how the USB things work):

Code:

#__________________________________________________________________________
#
# The loopback interface should accept all traffic
# necessary for X-Windows and other socket based services
# 
#__________________________________________________________________________

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

alyoshak19 · 11-10-2007, 03:40 AM

Excellent! I've got it working now. Thanks so much. I haven't completely rebooted yet, but KDE now loads in under a minute! For the record, I ran

Code:

#ifconfig lo 127.0.0.1

I added

Code:

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

to the start of the script that loads my iptables, and I changed the start of my /etc/hosts file to

Code:

127.0.0.1 LINUX localhost
127.0.1.1 LINUX
192.168.1.1 LINUX server
192.168.1.2 WINXP