Does anyone really control the Internet? (fwd)
Anyone want to get involved with CIRA (and join Bill)? -- Gilbert E. Detillieux E-mail: <gedetil@cs.umanitoba.ca> Dept. of Computer Science Web: http://www.cs.umanitoba.ca/~gedetil/ University of Manitoba Phone: (204)474-8161 Winnipeg, MB, CANADA R3T 2N2 Fax: (204)474-7609 ---------------------------------------------------------------------------- From: "Julie Lepine" <julie.lepine@cira.ca> To: "Julie Lepine" <julie.lepine@cira.ca> Date: Fri, 4 Nov 2005 14:23:27 -0500 Subject: Does anyone really control the Internet? / Quelqu'un controle vraiment l'Internet ? Le français suivra. Dear Madam/Sir, Does anyone really control the Internet? No but your organization could help manage Canadas Internet space. The Canadian Internet Registration Authority (CIRA), which operates the dot-ca Internet domain, is looking for organizations to appoint Directors to its Board for 2006-2007. The dot-ca Internet domain is a valuable and growing resource built for and operated by Canadians. The CIRA Board represents the diversity and interests of Canadas Internet community and users. Directors set policy and establish strategy to help manage the dot-ca domain and support its growth. CIRA invites organizations representing three stakeholder groups (Internet users, Commercial Internet interests, and CIRA Certified Registrars) to express their interest in providing representation on the CIRA Board by appointing Directors for the 2006-2007 Board term. Please visit http://www.cira.ca/news-releases/162.html for information on how to become involved. Mesdames/Messieurs, Est-ce que quelquun contrôle vraiment lInternet? Non mais votre organisme peut aider à gérer lespace Internet canadien. LAutorité canadienne pour les enregistrements Internet (ACEI), qui exploite le domaine Internet point ca, est à la recherche dorganismes intéressés à nommer des administrateurs à son conseil dadministration pour lannée 2006-2007. Bâti et exploité par des Canadiens et pour des Canadiens, le domaine point ca constitue une ressource de grande valeur qui connaît une croissance soutenue. Les membres du conseil dadministration de lACEI représentent la diversité et les intérêts de la collectivité de lInternet au Canada. Les administrateurs de lACEI établissent des politiques et des stratégies pour aider à la gestion du domaine point ca et pour soutenir sa croissance. LACEI invite des organismes représentant trois groupes (Utilisateurs de lInternet, Entités commerciales de lInternet, et les Registraires agréés de lACEI) à manifester leur intérêt à faire partie du conseil d'administration de l'ACEI en y déléguant un de leurs membres pour le mandat 2006-2007 du conseil : Visitez le site http://www.cira.ca/news-releases-french/148.html pour en savoir plus sur la façon de joindre notre équipe. Best regards/Meilleures salutations, Julie Lépine Marketing & Communications CIRA / ACEI 350 Sparks Street Suite 1110 Ottawa, Ontario K1R 7S8 1-877-860-1411 ext. 229
I have installed Fedora Core 4 on my firewall machine. My networked machines can browse the web, but I cannot access the loopback device, eg, for SWAT configuration. ifconfig lo shows the loopback interface to be UP and RUNNING at inet addr 127.0.0.1 ping localhost results in 100% packet loss The routing tables do not show a loopback entry, and if I try to add one I get errors. Can anyone tell me what's going on? -- -Dan Dr. Dan Martin, MD, CCFP, BSc, BCSc (Hon) GP Hospital Practitioner Computer Science grad student ummar143@cc.umanitoba.ca (204) 831-1746 answering machine always on
Dan Martin wrote:
I have installed Fedora Core 4 on my firewall machine. My networked machines can browse the web, but I cannot access the loopback device, eg, for SWAT configuration.
ifconfig lo shows the loopback interface to be UP and RUNNING at inet addr 127.0.0.1
ping localhost results in 100% packet loss
The routing tables do not show a loopback entry, and if I try to add one I get errors.
Can anyone tell me what's going on?
Not entirely, but here's a bit of info that might help. I just did a "netstat -r" on Red Hat 9, FC1, FC3 and FC4. On RH9 & FC1, "lo" appears in the routing table output by netstat, while on FC3 & 4 it doesn't. Maybe it's a 2.6 kernel thing, but for whatever reason it seems "lo" doesn't need to be in the routing table for FC3 & 4. I tried "ping localhost" on 2 different FC4 systems, though, as well as 1 FC3 system, and all worked fine. They all have a fairly default configuration of iptables on them, as setup by system-config-securitylevel. It might be worth a look at your own iptables configuration to see if something is amiss there, especially if you're running a non-standard (from a RH/Fedora perspective) setup. -- Gilles R. Detillieux E-mail: <grdetil@scrc.umanitoba.ca> Spinal Cord Research Centre WWW: http://www.scrc.umanitoba.ca/ Dept. Physiology, U. of Manitoba Winnipeg, MB R3E 3J7 (Canada)
Thanks very much - you saved me much wasted time I would have spent playing with the routing tables. I imported my firewall from a Mandrake system using the 2.4 kernel. I was using NAT to allow my private network machines access to the internet. I had the same functionality in Fedora Core 4 - everything worked except the loopback interface, in spite of having rules in the "filter" chains to ACCEPT all traffic going in or out of the loopback interface. It appears that the 2.6 kernel under FC 4 was NATing packets to or from the loopback interface, something that simply didn't occur in the older system. I added rules at the beginning of the "nat" table to ACCEPT all loopback interface traffic, and I am now able to ping the loopback and get a reply. Thanks for steering me in the right direction. Gilles Detillieux wrote:
Dan Martin wrote:
I have installed Fedora Core 4 on my firewall machine. My networked machines can browse the web, but I cannot access the loopback device, eg, for SWAT configuration.
ifconfig lo shows the loopback interface to be UP and RUNNING at inet addr 127.0.0.1
ping localhost results in 100% packet loss
The routing tables do not show a loopback entry, and if I try to add one I get errors.
Can anyone tell me what's going on?
Not entirely, but here's a bit of info that might help. I just did a "netstat -r" on Red Hat 9, FC1, FC3 and FC4. On RH9 & FC1, "lo" appears in the routing table output by netstat, while on FC3 & 4 it doesn't. Maybe it's a 2.6 kernel thing, but for whatever reason it seems "lo" doesn't need to be in the routing table for FC3 & 4. I tried "ping localhost" on 2 different FC4 systems, though, as well as 1 FC3 system, and all worked fine. They all have a fairly default configuration of iptables on them, as setup by system-config-securitylevel.
It might be worth a look at your own iptables configuration to see if something is amiss there, especially if you're running a non-standard (from a RH/Fedora perspective) setup.
-- -Dan Dr. Dan Martin, MD, CCFP, BSc, BCSc (Hon) GP Hospital Practitioner Computer Science grad student ummar143@cc.umanitoba.ca (204) 831-1746 answering machine always on
participants (3)
-
Dan Martin -
gedetil@cs.umanitoba.ca -
Gilles Detillieux