Thanks very much - you saved me much wasted time I would have spent playing with the routing tables.
I imported my firewall from a Mandrake system using the 2.4 kernel. I was using NAT to allow my private network machines access to the internet. I had the same functionality in Fedora Core 4 - everything worked except the loopback interface, in spite of having rules in the "filter" chains to ACCEPT all traffic going in or out of the loopback interface.
It appears that the 2.6 kernel under FC 4 was NATing packets to or from the loopback interface, something that simply didn't occur in the older system. I added rules at the beginning of the "nat" table to ACCEPT all loopback interface traffic, and I am now able to ping the loopback and get a reply.
Thanks for steering me in the right direction.
Gilles Detillieux wrote:
Dan Martin wrote:
I have installed Fedora Core 4 on my firewall machine. My networked machines can browse the web, but I cannot access the loopback device, e.g., for SWAT configuration.
ifconfig lo shows the loopback interface to be UP and RUNNING at inet addr 127.0.0.1
ping localhost results in 100% packet loss
The routing tables do not show a loopback entry, and if I try to add one I get errors.
Can anyone tell me what's going on?
Not entirely, but here's a bit of info that might help. I just did a "netstat -r" on Red Hat 9, FC1, FC3 and FC4. On RH9 & FC1, "lo" appears in the routing table output by netstat, while on FC3 & 4 it doesn't. Maybe it's a 2.6 kernel thing, but for whatever reason it seems "lo" doesn't need to be in the routing table for FC3 & 4. I tried "ping localhost" on 2 different FC4 systems, though, as well as 1 FC3 system, and all worked fine. They all have a fairly default configuration of iptables on them, as set up by system-config-securitylevel.
It might be worth a look at your own iptables configuration to see if something is amiss there, especially if you're running a non-standard (from a RH/Fedora perspective) setup.
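The fix Dan describes at the top of this thread (accept loopback traffic at the head of the "nat" table so it never reaches the MASQUERADE/NAT rules) as an added example, not code from anyone in the thread. The chain/interface pairs, the check function and the two iptables-save dumps are constructed assumptions for the demo; nothing here touches a live firewall.

```shell
#!/bin/sh
# Added example, not code from the list thread. Prints the nat-table
# exemption Dan describes and audits an iptables-save dump for it.
# Chain/interface pairs and the sample dumps are constructed assumptions.

# The three rules: insert at position 1 so loopback traffic is accepted
# by the nat table before any MASQUERADE/DNAT rule can touch it.
loopback_nat_rules() {
    printf '%s\n' \
        'iptables -t nat -I PREROUTING 1 -i lo -j ACCEPT' \
        'iptables -t nat -I OUTPUT 1 -o lo -j ACCEPT' \
        'iptables -t nat -I POSTROUTING 1 -o lo -j ACCEPT'
}

# Read an iptables-save dump on stdin. Exit 0 if, in the *nat table,
# every chain is either empty or starts with a loopback ACCEPT rule;
# exit 1 if any nat chain's first rule is something else (the symptom
# from the thread: loopback packets reaching NAT rules).
check_nat_loopback_first() {
    awk '
        /^\*/     { table = $1; next }
        /^COMMIT/ { table = ""; next }
        table == "*nat" && $1 == "-A" && !($2 in seen) {
            seen[$2] = 1
            if ($0 !~ /-[io] lo .*-j ACCEPT/) bad++
        }
        END { if (bad > 0) exit 1; exit 0 }'
}

# Constructed: loopback exempted before the MASQUERADE rule (passes).
GOOD_DUMP='*nat
-A PREROUTING -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A POSTROUTING -o lo -j ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Constructed: the broken state, MASQUERADE is first in POSTROUTING (fails).
BAD_DUMP='*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Stand-alone demo: show the rules, then audit both samples.
loopback_nat_rules
printf '%s\n' "$GOOD_DUMP" | check_nat_loopback_first && echo "good dump: ok"
printf '%s\n' "$BAD_DUMP"  | check_nat_loopback_first || echo "bad dump: loopback hits NAT"
```

On a real box, feed `iptables-save` into `check_nat_loopback_first` to confirm the exemption sits ahead of the NAT rules after a reload.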