Hi On Tue, Aug 26, 2014 at 03:50:25PM -0400, John wrote: > On 25/08/14, Reco (recovery...@gmail.com) wrote: > > > Date: Mon, 25 Aug 2014 22:13:41 +0400 > > From: Reco <recovery...@gmail.com> > > To: debian-user@lists.debian.org > > Subject: Re: No localhost - I'm stumped > > X-Spam-Status: No, score=-11.2 required=4.0 tests=DKIM_SIGNED,DKIM_VALID, > > DKIM_VALID_AU,DKIM_VERIFIED,FREEMAIL_FROM,LDOSUBSCRIBER,LDO_WHITELIST, > > T_TO_NO_BRKTS_FREEMAIL autolearn=unavailable version=3.3.2 > > > > Hi. > > > > On Mon, 25 Aug 2014 12:09:59 -0400 > > John <johnrchamp...@wowway.com> wrote: > > > > > ... But alas, nothing from it solved my problem. ... > > > > Probably won't do you any good, since you have a basic kernel facility > > (ip routing) in a broken state. > > > > Can you please post the output of (run it all as root): > > I've separated the various items with ---------- to make them easier to find. > > > 1) iptables-save > iptables-save > # Generated by iptables-save v1.4.21 on Tue Aug 26 15:41:11 2014 > *mangle > :PREROUTING ACCEPT [19424:11674255] > :INPUT ACCEPT [18400:11319703] > :FORWARD ACCEPT [0:0] > :OUTPUT ACCEPT [17345:4202761] > :POSTROUTING ACCEPT [17393:4208427] > COMMIT > # Completed on Tue Aug 26 15:41:11 2014 > # Generated by iptables-save v1.4.21 on Tue Aug 26 15:41:11 2014 > *nat > :PREROUTING ACCEPT [1166:401489] > :INPUT ACCEPT [0:0] > :OUTPUT ACCEPT [2108:130276] > :POSTROUTING ACCEPT [0:0] > -A POSTROUTING -j MASQUERADE > COMMIT > # Completed on Tue Aug 26 15:41:11 2014 > # Generated by iptables-save v1.4.21 on Tue Aug 26 15:41:11 2014 > *filter > :INPUT DROP [0:0] > :FORWARD DROP [0:0] > :OUTPUT ACCEPT [17315:4187744] > -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT > -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT > -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT > -A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT > -A INPUT -m state --state INVALID,NEW -j DROP > -A FORWARD -j REJECT --reject-with icmp-port-unreachable > COMMIT
iptables look OK to me - although I find it "cleaner" to have: -A INPUT -i lo -j ACCEPT but I guess it doesn't make any difference. > > 2) strace ping -c2 localhost snipped output - it looks OK to my cursory glances.. > > 4) sysctl --system > sysctl --system > * Applying /etc/sysctl.d/99-sysctl.conf ... > net.ipv4.icmp_echo_ignore_all = 0 > net.ipv4.icmp_echo_ignore_broadcasts = 0 These caught my eye: Ignore all ICMP ? That would stop ping (a.k.a. ICMP echo) from working, wouldn't it? -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140826221205.GA18500@hawking