I'm probably missing something simple here, but dang if I can find it. This problem came up when I tried testing a program based on sockets (actually datagrams). I couldn't get it to work because of refused connections, so I went looking for problems outside the program.

First of all, my network works fine with the eth0 interface. I have no troubles with browsing the web. I'm running RedHat 9.0 iptables with very little enabled, basically just www and domain service.

My trouble lies with the lo or loopback interface. I can ping myself or anyone else, but all attempts to use telnet with 127.0.0.1 or localhost fail due to a refused connection. My understanding is that with the loopback enabled I should be able to telnet to myself. This isn't happening.

I have run ifconfig and it says I have lo running. In fact, when I run "telnet localhost", a couple of packets are registered with lo, but I still get the telnet connection refused error. The iptables also look good and finally, the /etc/hosts file is set for localhost. See below for information from these commands.

Any ideas are appreciated, since I'm running out of them!
Rick



These 3 runs are made of a couple of calls to "ifconfig lo" and "telnet 127.0.0.1". Ifconfig sees lo and 2 packets are processed from the telnet command. I just always get a "connection refused" from telnet.
[root...]# ifconfig lo
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:22 errors:0 dropped:0 overruns:0 frame:0
TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1300 (1.2 Kb) TX bytes:1300 (1.2 Kb)

[root...]# telnet 127.0.0.1
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

[root...]# ifconfig lo
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:24 errors:0 dropped:0 overruns:0 frame:0
TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1400 (1.3 Kb) TX bytes:1400 (1.3 Kb)


These are the results from "iptables -nvL". The loopback specification (#2) is open to anything that can call it.

[root...]# iptables -nvL
Chain INPUT (policy ACCEPT 148 packets, 180K bytes)
pkts bytes target prot opt in out source destination
366 241K RH-Lokkit-0-50-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 RH-Lokkit-0-50-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 196 packets, 15983 bytes)
pkts bytes target prot opt in out source destination

Chain RH-Lokkit-0-50-INPUT (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 flags:0x16/0x02
24 1400 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
44 6240 ACCEPT udp -- * * 216.148.227.68 0.0.0.0/0 udp spt:53
0 0 ACCEPT udp -- * * 204.127.202.4 0.0.0.0/0 udp spt:53
1 48 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02 reject-with icmp-port-unreachable
149 53883 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp reject-with icmp-port-unreachable


And finally /etc.hosts has:

[root...]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost

Try This
iptables -A INPUT -i lo -p all -j ACCEPT
iptables -A OUTPUT -o lo -p all -j ACCEPT

I entered what you described and I cleaned up the iptables files and got rid of the lokkit code. The tables are a lot simpler and easier to read. Unfortunately, I still have the same problem. Telnet localhost returns:
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

Since this might be an iptables problem, Below is a copy of my iptables and what iptables sees. If you have any other ideas, let me know.

Rick


/etc/sysconfig/iptables
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

## WWW only
-A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT

## DNS Support
-A INPUT -p udp -m udp -s 216.148.227.68 --sport 53 -d 0/0 -j ACCEPT
-A INPUT -p udp -m udp -s 204.127.202.4 --sport 53 -d 0/0 -j ACCEPT

## Loopback
-A INPUT -i lo -p all -j ACCEPT
-A OUTPUT -o lo -p all -j ACCEPT

## Get rid of rest
-A INPUT -p tcp -m tcp --syn -j REJECT
-A INPUT -p udp -m udp -j REJECT

COMMIT

iptables -vL returns:
Chain INPUT (policy ACCEPT 234 packets, 219K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN
57 10402 ACCEPT udp -- any any ns2.attbi.com anywhere udp spt:domain
0 0 ACCEPT udp -- any any ns5.attbi.com anywhere udp spt:domain
32 2004 ACCEPT all -- lo any anywhere anywhere
3 144 REJECT tcp -- any any anywhere anywhere tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
137 49594 REJECT udp -- any any anywhere anywhere udp reject-with icmp-port-unreachable

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 300 packets, 46482 bytes)
pkts bytes target prot opt in out source destination
32 2004 ACCEPT all -- any lo anywhere anywhere