Re: No localhost - I'm stumped

To: debian-user@lists.debian.org
Subject: Re: No localhost - I'm stumped
From: "Karl E. Jorgensen" <karl@jorgensen.org.uk>
Date: Tue, 26 Aug 2014 23:12:05 +0100
Message-id: <[🔎] 20140826221205.GA18500@hawking>
In-reply-to: <[🔎] 20140826195025.GA11615@wowway.com>
References: <[🔎] 20140824174325.GA2090@wowway.com> <[🔎] slrnlvkb40.1v4.curty@einstein.electron.org> <[🔎] 20140825160959.GA8562@wowway.com> <[🔎] 20140825221341.437a812f29d257d0bf796a0e@gmail.com> <[🔎] 20140826195025.GA11615@wowway.com>

Hi

On Tue, Aug 26, 2014 at 03:50:25PM -0400, John wrote:
> On 25/08/14, Reco (recoverym4n@gmail.com) wrote:
> 
> > Date: Mon, 25 Aug 2014 22:13:41 +0400
> > From: Reco <recoverym4n@gmail.com>
> > To: debian-user@lists.debian.org
> > Subject: Re: No localhost - I'm stumped
> > X-Spam-Status: No, score=-11.2 required=4.0 tests=DKIM_SIGNED,DKIM_VALID,
> >  DKIM_VALID_AU,DKIM_VERIFIED,FREEMAIL_FROM,LDOSUBSCRIBER,LDO_WHITELIST,
> >  T_TO_NO_BRKTS_FREEMAIL autolearn=unavailable version=3.3.2
> > 
> >  Hi.
> > 
> > On Mon, 25 Aug 2014 12:09:59 -0400
> > John <JohnRChamplin@wowway.com> wrote:
> > 
> > > ...  But alas, nothing from it solved my problem. ...
> >
> > Probably won't do you any good, since you have a basic kernel facility
> > (ip routing) in a broken state.
> > 
> > Can you please post the output of (run it all as root):
> 
> I've separated the various items with  ---------- to make them easier to find.
> 
> > 1) iptables-save
> iptables-save
> # Generated by iptables-save v1.4.21 on Tue Aug 26 15:41:11 2014
> *mangle
> :PREROUTING ACCEPT [19424:11674255]
> :INPUT ACCEPT [18400:11319703]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [17345:4202761]
> :POSTROUTING ACCEPT [17393:4208427]
> COMMIT
> # Completed on Tue Aug 26 15:41:11 2014
> # Generated by iptables-save v1.4.21 on Tue Aug 26 15:41:11 2014
> *nat
> :PREROUTING ACCEPT [1166:401489]
> :INPUT ACCEPT [0:0]
> :OUTPUT ACCEPT [2108:130276]
> :POSTROUTING ACCEPT [0:0]
> -A POSTROUTING -j MASQUERADE
> COMMIT
> # Completed on Tue Aug 26 15:41:11 2014
> # Generated by iptables-save v1.4.21 on Tue Aug 26 15:41:11 2014
> *filter
> :INPUT DROP [0:0]
> :FORWARD DROP [0:0]
> :OUTPUT ACCEPT [17315:4187744]
> -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT
> -A INPUT -m state --state INVALID,NEW -j DROP
> -A FORWARD -j REJECT --reject-with icmp-port-unreachable
> COMMIT

iptables look OK to me - although I find it "cleaner" to have:

 -A INPUT -i lo -j ACCEPT	 

but I guess it doesn't make any difference.

> > 2) strace ping -c2 localhost

snipped  output - it looks OK to my cursory glances..


> > 4) sysctl --system
> sysctl --system
> * Applying /etc/sysctl.d/99-sysctl.conf ...
> net.ipv4.icmp_echo_ignore_all = 0
> net.ipv4.icmp_echo_ignore_broadcasts = 0

These caught my eye: Ignore all ICMP ? That would stop ping
(a.k.a. ICMP echo) from working, wouldn't it?

-- 
Karl E. Jorgensen

Reply to:

Follow-Ups:
- Re: No localhost - I'm stumped
  - From: Reco <recoverym4n@gmail.com>
- Re: No localhost - I'm stumped
  - From: John <JohnRChamplin@wowway.com>

References:
- No localhost - I'm stumped
  - From: John <JohnRChamplin@wowway.com>
- Re: No localhost - I'm stumped
  - From: Curt <curty@free.fr>
- Re: No localhost - I'm stumped
  - From: John <JohnRChamplin@wowway.com>
- Re: No localhost - I'm stumped
  - From: Reco <recoverym4n@gmail.com>
- Re: No localhost - I'm stumped
  - From: John <JohnRChamplin@wowway.com>

Prev by Date: Re: No localhost - I'm stumped
Next by Date: Re: Choose your side on the Linux divide
Previous by thread: Re: No localhost - I'm stumped
Next by thread: Re: No localhost - I'm stumped
Index(es):
- Date
- Thread