My knowledge of network interfaces on linux is limited at best, so I was hoping someone could help me figure out the best solution to a problem I have inadvertently caused.
After boot, the loopback device on my workstation doesn't appear to exist. Things requiring the loopback address (such as running JUnit test suites in Eclipse) don't work correctly. However, it used to be fine until recently, not long after I'd been fiddling around with the iptables to forward port 80 to port 8080, so it's probably something I've done, but I have no idea how to fix it, and so far all Googling hasn't turned up any pointers (I probably don't know the right search terms...)
Firstly, the contents of /etc/network/interfaces
:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
pre-up iptables-restore /etc/iptables.conf
post-down /etc/iptables-flush-all
Now, after booting my machine:
$ sudo ifconfig
eth0 Link encap:Ethernet HWaddr 00:24:e8:25:90:5d
inet addr:10.33.1.106 Bcast:10.33.1.255 Mask:255.255.255.0
inet6 addr: fe80::224:e8ff:fe25:905d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:500239 errors:0 dropped:0 overruns:0 frame:0
TX packets:334565 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:617321176 (588.7 MiB) TX bytes:36019254 (34.3 MiB)
Interrupt:26 Base address:0x8000
If I run ifconfig lo 127.0.0.1
, then every thing is fine and the output of ifconfig
changes to:
$ sudo ifconfig
eth0 Link encap:Ethernet HWaddr 00:24:e8:25:90:5d
inet addr:10.33.1.106 Bcast:10.33.1.255 Mask:255.255.255.0
inet6 addr: fe80::224:e8ff:fe25:905d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:606221 errors:0 dropped:0 overruns:0 frame:0
TX packets:407173 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:767892736 (732.3 MiB) TX bytes:42051623 (40.1 MiB)
Interrupt:26 Base address:0x8000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:65 errors:0 dropped:0 overruns:0 frame:0
TX packets:65 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:35668 (34.8 KiB) TX bytes:35668 (34.8 KiB)
So, can anyone help me figure out what I've done to break my loopback address?
Edit 0: Contents of /etc/iptables.conf
:
chris@PC:~$ sudo cat /etc/iptables.conf
# Generated by iptables-save v1.4.8 on Thu Nov 10 17:01:44 2011
*nat
:PREROUTING ACCEPT [2:440]
:POSTROUTING ACCEPT [2:102]
:OUTPUT ACCEPT [1:58]
-A PREROUTING -d 127.0.0.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination :8080
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
# Completed on Thu Nov 10 17:01:44 2011
# Generated by iptables-save v1.4.8 on Thu Nov 10 17:01:44 2011
*mangle
:PREROUTING ACCEPT [4787:2521834]
:INPUT ACCEPT [4544:2507689]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4190:913164]
:POSTROUTING ACCEPT [4117:908160]
COMMIT
# Completed on Thu Nov 10 17:01:44 2011
# Generated by iptables-save v1.4.8 on Thu Nov 10 17:01:44 2011
*filter
:INPUT ACCEPT [2699:1514101]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2525:612477]
COMMIT
# Completed on Thu Nov 10 17:01:44 2011
chris@PC:~$ sudo iptables -L -t filter
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
chris@PC:~$ sudo iptables -L -t mangle
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
chris@PC:~$ sudo iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Edit 1: Commenting out the pre-up and post-down lines for eth0
in my /etc/network/interfaces
appears to eliminate the issue.
My loopback address was properly configured during booting after changing /etc/network/interfaces
to this:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
#pre-up iptables-restore /etc/iptables.conf
#post-down /etc/iptables-flush-all
These 2 lines are intended to load and unload the iptables rules when the interface is enabled and disabled. I've read that this is a better way of configuring the firewall in Debian than loading all the rules at boot time.
The contents of /etc/iptables-flush-all
is:
chris@PC:~$ sudo cat /etc/iptables-flush-all
#!/bin/sh
iptables --flush
iptables -t nat --flush
iptables -t mangle --flush
iptables -t filter --flush
решение1
Does it work without your firewall being loaded?
BTW, "ifconfig" is deprecated; it's best to use "ip" for everything including diagnostics. Not that I think this is related to your problem at all.
решение2
In my case it was matter of proper configuring /etc/hosts.
Get your hostname with the command hostname and set the /etc/hosts this way:
127.0.0.1 localhost 127.0.1.1 HOSTNAME
решение3
In my case it was https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739251 ... I've got iptables-restore in lo pre-up and it included -A INPUT -i ! lo -d 127.0.0.0/8 -j reject which is now deprecated syntax ...
So, if you have line like
pre-up iptables-restore /etc/iptables.up.rules
in /etc/network/interfaces, check that the rules are ok.
In the specific case of 739251 bug, replace
-A INPUT -i ! lo -d 127.0.0.0/8 -j reject
with
-A INPUT ! -i lo -d 127.0.0.0/8 -j reject