LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 07-21-2008, 06:37 PM   #1
jsmith6
Member
 
Registered: Feb 2006
Distribution: Slackware 13.1 / 13.37
Posts: 91

Rep: Reputation: 16
I can't ping 127.0.0.1 (with open firewall)


I can't ping 127.0.0.1 nor localhost. I can ping google.com, yahoo.com, and my router at 192.168.1.1 but not localhost.

Here it is:

Code:
ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.

--- 127.0.0.1 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4000ms
If I start Apache and go to http://localhost with Firefox, I can see the starting page (I cleared the cache just in case it was cached from an older session). I can also login into SSH when I start my SSHd.

Lets try the host command:

Code:
jsmith@darkstar:~$ host localhost
Host localhost not found: 3(NXDOMAIN)
jsmith@darkstar:~$ host 127.0.0.1
1.0.0.127.in-addr.arpa domain name pointer localhost.
jsmith@darkstar:~$
I don't know if this helps, but here is the output of nslookup:

Code:
nslookup 127.0.0.1
Server:		192.168.1.1
Address:	192.168.1.1#53

1.0.0.127.in-addr.arpa	name = localhost.
The file /etc/hosts seems ok:

Code:
# For loopbacking.
127.0.0.1		localhost
127.0.0.1		darkstar.example.org darkstar
The files /etc/hosts.allow and /etc/hosts.deny look untouched.

ifconfig -a gives:

Code:
# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:1a:4d:5e:70:0f  
          inet addr:192.168.1.33  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::21a:4dff:fe5e:700f/64 Scope:Link
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:16184 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16515 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:11584528 (11.0 MiB)  TX bytes:5842994 (5.5 MiB)
          Interrupt:17 Base address:0xa000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:43 errors:0 dropped:0 overruns:0 frame:0
          TX packets:43 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3396 (3.3 KiB)  TX bytes:3396 (3.3 KiB)
I isn't my firewall either, I tried allowing everything, iptables -L gives me:

Code:
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ping google.com gives:

Code:
ping google.com
PING google.com (64.233.167.99) 56(84) bytes of data.
64 bytes from py-in-f99.google.com (64.233.167.99): icmp_seq=1 ttl=242 time=178 ms
64 bytes from py-in-f99.google.com (64.233.167.99): icmp_seq=2 ttl=242 time=178 ms
64 bytes from py-in-f99.google.com (64.233.167.99): icmp_seq=3 ttl=242 time=180 ms

--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 178.354/178.991/180.063/0.762 ms
I tried booting from the Slackware 12.1 DVD and pinged localhost and worked fine. I must be something I have changed after I installed Slackware.

What could it be?
 
Old 07-21-2008, 06:55 PM   #2
Ken-ji
LQ Newbie
 
Registered: Apr 2003
Location: Philippines
Distribution: Slackware
Posts: 19

Rep: Reputation: 0
What's in your /etc/resolv.conf.

beacuse the command
Code:
# host localhost
Host localhost not found: 3(NXDOMAIN)
returning NXDOMAIN is not good.
host localhost should be returning 127.0.0.1

also, post what you get from
Code:
# domainname

# route

# iptables -t nat -L

# iptables -t mangle -L
I think this is what's going on:
Your router is assinging it self as the default route - good
but the /etc/resolv.conf may not have a locaL domain defined.
thus when localhost is resolved the router tries to figureout what the heck "localhost" resolves to and failes. (Since no TLD by the name of localhost exists)

However the ping 127.0.0.1 is kinda weird...
can you try
Code:
# ping -n 127.0.0.1
As ping might be attempting to resolve 127.0.0.1 as a DNS name and not an IP.

Last edited by Ken-ji; 07-21-2008 at 07:00 PM.
 
Old 07-22-2008, 03:19 AM   #3
jsmith6
Member
 
Registered: Feb 2006
Distribution: Slackware 13.1 / 13.37
Posts: 91

Original Poster
Rep: Reputation: 16
My /etc/resolv.conf is:

Code:
# Generated by dhcpcd for interface eth0
nameserver 192.168.1.1
Which I remember it always looked like that.


domainname returns:

Code:
(none)
route returns:

Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0

iptables -t nat -L returns:

Code:
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
iptables -t mangle -L returns:

Code:
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
ping -n 127.0.0.1 returns:

Code:
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.

--- 127.0.0.1 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3008ms
 
Old 07-22-2008, 05:11 AM   #4
rg3
Member
 
Registered: Jul 2007
Distribution: Fedora
Posts: 527

Rep: Reputation: Disabled
I haven't looked at your problem in depth, but I can only say that the command "host localhost" returning NXDOMAIN is alright. The "host" command always uses the DNS to try to resolve the name and skips /etc/hosts, and "localhost" may not be defined in the name server you use. As long as it's present in /etc/hosts (which seems to be the case), it's not a problem.
 
Old 07-22-2008, 05:45 AM   #5
Vit77
Member
 
Registered: Jun 2008
Location: Toronto, Canada
Distribution: SuSE, RHEL, Mageia
Posts: 132

Rep: Reputation: 17
Changing the routing table might help.

Code:
ip route del loopback
ip route add 127.0.0.0/8 via 127.0.0.1 dev lo
 
Old 07-22-2008, 07:08 AM   #6
jsmith6
Member
 
Registered: Feb 2006
Distribution: Slackware 13.1 / 13.37
Posts: 91

Original Poster
Rep: Reputation: 16
ip route gives me:

Code:
192.168.1.0/24 dev eth0  scope link 
127.0.0.0/8 dev lo  scope link 
default via 192.168.1.1 dev eth0
ip route del loopback gave:

Code:
Error: an inet prefix is expected rather than "loopback".
ip route add 127.0.0.0/8 via 127.0.0.1 dev lo gave me:

Code:
RTNETLINK answers: File exists
Now, ip route says:

Code:
192.168.1.0/24 dev eth0  scope link 
127.0.0.0/8 dev lo  scope link 
default via 192.168.1.1 dev eth0
 
Old 07-22-2008, 07:43 AM   #7
Vit77
Member
 
Registered: Jun 2008
Location: Toronto, Canada
Distribution: SuSE, RHEL, Mageia
Posts: 132

Rep: Reputation: 17
If the first command failed, the others don't have sence.

Well, try this instead:
Code:
route del -host 127.0.0.1 dev lo
route add -net 127.0.0.0/8 gw 127.0.0.1 dev lo
 
Old 07-22-2008, 12:01 PM   #8
jsmith6
Member
 
Registered: Feb 2006
Distribution: Slackware 13.1 / 13.37
Posts: 91

Original Poster
Rep: Reputation: 16
Code:
# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
Code:
# route del -host 127.0.0.1 dev lo
SIOCDELRT: No such process
Code:
# route add -net 127.0.0.0/8 gw 127.0.0.1 dev lo
Code:
# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
loopback        localhost       255.0.0.0       UG    0      0        0 lo
loopback        *               255.0.0.0       U     0      0        0 lo
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
It didn't worked :-/

Am I heading for a re-install here? Could this be a rootkit? I am sorry, I am always assuming the worse.

Last edited by jsmith6; 07-22-2008 at 12:02 PM.
 
Old 07-22-2008, 04:07 PM   #9
Ken-ji
LQ Newbie
 
Registered: Apr 2003
Location: Philippines
Distribution: Slackware
Posts: 19

Rep: Reputation: 0
What does traceroute return anyway?
Code:
# traceroute 127.0.0.1
Do this on a fresh bootup btw.
 
Old 07-22-2008, 05:31 PM   #10
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 63
The default bring up of the loopback interface will configure the appropriate route for the 127.0.0.1 interface.

There is still something blocking the ICMP packet. Try stopping and rmmod'ing iptables completely, bring down lo, and then bring it back up again.

Traceroute is unnecessary; it is just ICMP packets. /etc/resolv.conf is unnecessary to ping by IP address - there is no DNS activity when using -n. I no cause will it prevent the packets.
 
Old 07-22-2008, 06:58 PM   #11
Ken-ji
LQ Newbie
 
Registered: Apr 2003
Location: Philippines
Distribution: Slackware
Posts: 19

Rep: Reputation: 0
Good point. Only the ICMP packets seem to be blocked at the moment.
I didn't realize he'd tested TCP access already using sshd and httpd
 
Old 07-23-2008, 09:46 AM   #12
jbnexus
LQ Newbie
 
Registered: Jul 2008
Posts: 7

Rep: Reputation: 0
its maybe a sysctl setting

try as root
echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all

and ping again
ping -n -c1 127.0.0.1
 
Old 07-23-2008, 01:23 PM   #13
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 63
How about checking the value first before blowing away the clues:

cat /proc/sys/net/ipv4/icmp_echo_ignore_all

and *then* change the value if necessary.
 
Old 07-23-2008, 07:34 PM   #14
jsmith6
Member
 
Registered: Feb 2006
Distribution: Slackware 13.1 / 13.37
Posts: 91

Original Poster
Rep: Reputation: 16
I managed to solve the problem! jbnexus and Mr. C., you were right on the spot! I whish I had read your posts before I re-install and find out the long way.

Let me tell you how I did it.

First I re-installed Slack. Pinging localhost worked fine. Then, before I started setting up things, I took a backup of my /etc directory. As I was configuring the system, I noticed that after a while I again couldn't ping localhost. I examined all the changes I did since my fresh install and ended up on this one. This is the source of all evil:

Code:
#!/bin/sh

# prevent SYN floods from consuming memory resources
echo "1" > /proc/sys/net/ipv4/tcp_syncookies

# no ICMP
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

# no spoofing
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]
	then
		for filtre in /proc/sys/net/ipv4/conf/*/rp_filter
	do
		echo 1 > $filtre
	done
fi 

# handles FTP better
modprobe ip_conntrack_ftp
I imagine that it must be something on the kernel. I heard that they were going to remove some of the options that are allowed to be changed by changing files in /proc.

I had these things inside my firewall script since Slackware 10 or 11, which both ran by default on 2.4 kernels. I have been using this script on Slackware 12.0 and Ubuntu 6.06 through 7.10 (all versions of Ubuntu that I have been using run on kernel 2.6) without any problems. But one of these things does not behave with Slack 12.1.

I this problem also prevented from SMB/Samba working properly with a VM.

Now, why didn't this went away when I disabled all rules of my firewall? Here is why. I use another script to reset my firewall fules, this one:

Code:
#!/bin/sh

# set the default policy for each chain
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# flush (remove) all rules
iptables -F INPUT 
iptables -F FORWARD 
iptables -F OUTPUT 

# remove all custom chains
iptables -X
...which just removes iptables rules.

Back to "evil" options. If anyone knows, then please tell me, could it also be one of the other lines in there? I always though that "icmp_echo_ignore_all" was ignoring ICMP from outside and it didn't caused me a problem until now (I have almost forgotten that it was in there). But that command was redundant anyway because I block incoming traffic that is unrelated.

A big thanks to all!
 
Old 07-24-2008, 03:38 PM   #15
jbnexus
LQ Newbie
 
Registered: Jul 2008
Posts: 7

Rep: Reputation: 0
sysctl

sorry for not cating the icmp_echo_ignore_all systl setting, but i thought is was almost... obvious.

man tcp

turning timestamp off is a nice feature
echo "0" > /proc/sys/net/ipv4/tcp_timestamps
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Can not ping 127.0.0.1 dan0r Linux - Networking 12 06-15-2006 04:08 PM
FC4 won't ping 127.0.0.1 or the internet, but will ping local computers jalsk Linux - Networking 4 11-22-2005 05:59 PM
firewall, open ports, and ping response azebuski Linux - Security 3 03-16-2004 01:31 AM
No ping replies on 127.0.0.1 zzero Linux - Networking 14 03-15-2004 10:17 AM
No ping 127.0.0.1 Spi Linux - Networking 11 07-18-2003 11:16 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 06:59 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration