4

This SF Answer helped me after nerve's answer below:

No network loopback device after security update ubuntu 12.04

Original Question

I've been Google-ing and banging my head against the wall for a couple of hours on this one.

  • The server can ping all outside address (Google.com, Yahoo.com, Microsoft.com, etc).
  • The server can't ping itself (127.0.0.1 or any static IP address on this machine)
  • I can ping the server remotely.
  • Pinging a domain name on the server does translate the domain to the correct IP... but the server can't access that IP address

This use to be working up to a week ago and I'm not sure what changed. I found out as I had a cron job that went out to a web page on a server with "wget" to download a report. That report stopped happening.

wget hangs and I believe it's related to the fact that the server is not allowing connecting to itself.

  • I did play around with denyhosts last week and I did try turning denyhosts off as well as verify 127.0.0.1 is in hosts.allow and the server IP addresses are not in hosts.deny and checked all denyhost files in /var/lib/denyhosts. I couldn't find any of my server's IP address.

  • I also checked IPtables and I didn't see any rules there and I did follow some instructions to "turn off" IPTables (set rules to allow) and that had no affect.

  • I checked to make sure ECHO responses are on for ping and I did not find any configuration settings turning it off (and I can ping the server remotely).

  • ifconfig correctly lists all of my IP address.

  • I checked auth.log and sysconf log and couldn't find anything helpful there.

I'm out of ideas of what to try next? Are there any other suggestions or ideas?

update

Per Mark Wagner's comment, the output of sysctl net.ipv4.icmp_echo_ignore_all is:

net.ipv4.icmp_echo_ignore_all = 0

I'm also checking on the loopback device (lo). I did come across some discussion about that. I'll look into that some more but here's my ifconfig (masked some of my IP address). I don't see any lo in there, but perhaps I didn't put the right option in either.

Also, I get the same problem if I try to ping one of the IP address as well, such as ping 66.###.###.## or if I ping the domain name:

# ping www.mysite.com
PING mysite.com (66.180.###.##) 56(84) bytes of data.
// no response until I kill it
--- mysite.com ping statistics ---
91 packets transmitted, 0 recieved, 100% packet loss, time 90004ms

ifconfig...

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:129685386 errors:0 dropped:0 overruns:0 frame:0
          TX packets:191460906 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:14581051788 (14.5 GB)  TX bytes:233758055307 (233.7 GB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:66.###.###.##  P-t-P:66.###.###.##  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

venet0:1  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:66.###.###.##  P-t-P:66.###.###.##  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

venet0:2  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:66.###.###.##  P-t-P:66.###.###.##  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

venet0:3  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:66.###.###.##  P-t-P:66.###.###.##  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

venet0:4  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:66.###.###.##  P-t-P:66.###.###.##  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

venet0:5  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:66.###.###.##  P-t-P:66.###.###.##  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
Community
  • 1
jmbertucci
  • 153
  • 1
  • 1
  • 7
  • 2
    What is the output of `sysctl net.ipv4.icmp_echo_ignore_all`? – Mark Wagner Mar 25 '13 at 23:15
  • How did `venet0` get the address `127.0.0.1`?! – Michael Hampton Mar 26 '13 at 01:36
  • @MichaelHampton No idea. This was a standard Ubuntu setup from our web host. I see I lost the loopback device after a recent update and reboot and I'm not sure if that had anything to do with it or if our host set it up that way to start. What should it be? – jmbertucci Mar 26 '13 at 01:43
  • That looks like an OpenVZ based VPS. I'll just add this to the (lengthy) list of reasons why I won't use it. – Michael Hampton Mar 26 '13 at 01:45
  • It is a dedicated VPS server but I don't know if it's OpenVZ or not. Though, we are switching to a cloud hosted server this year, as time permits. I'll have to keep that in mind during the switch. – jmbertucci Mar 26 '13 at 01:47

1 Answers1

3

I know you had said that the IP addresses were showing up in ifconfig, but is the loop back device (lo) showing up in the ifconfig as well? the behavior you're describing sounds exactly like the behavior that would occur were you to run ifdown lo.

Greg Dubicki
  • 1,191
  • 1
  • 14
  • 30
nerve
  • 176
  • 5
  • Thanks nerve. Your answer led to me double checking the `lo` setup, which I did come across in my research but didn't fully understand what I was looking for. That lead to this SF answer that got things back working again. http://serverfault.com/questions/443491/no-network-loopback-device-after-security-update-ubuntu-12-04 – jmbertucci Mar 26 '13 at 01:49