iptables rule for loopback interface lo

1

I want to test some network performance, where I need to use a TCP client to connect to a TCP server program on the same host, so I used localhost (127.0.0.1). However, when the TCP SYN is sent, it gets a RESET:

    12:04:27.550292 IP localhost.55047 > localhost.54000: Flags [S], seq 1451460422, win 43690, options [mss 65495,sackOK,TS val 2409691925 ecr 0,nop,wscale 7], length 0
    12:04:27.550319 IP localhost.54000 > localhost.55047: Flags [R.], seq 0, ack 1451460423, win 0, length 0

I think the issue is the iptables rules.

From iptables-restore for INPUT, I have:

    -A INPUT -i lo -j ACCEPT
    -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i em1 -p tcp -m tcp --dport 54000 -j ACCEPT
    -A INPUT -i em1 -p tcp -m tcp --dport 51000 -j ACCEPT
    -A INPUT -i em1 -p tcp -m tcp --dport 30000 -j ACCEPT
    -A INPUT -i em1 -p tcp -m tcp --dport 54001 -j ACCEPT
    -A INPUT -i em1 -p tcp -m tcp --dport 30001 -j ACCEPT
    -A INPUT -i em1 -p udp -m udp --dport 54000 -j ACCEPT
    -A INPUT -i em1 -p tcp -m tcp --dport 80 -j ACCEPT
    -A INPUT -i em1 -p udp -m udp --dport 5000 -j ACCEPT
    -A INPUT -j INPUT_direct
    -A INPUT -j INPUT_ZONES

The related line is:

     -A INPUT -i lo -j ACCEPT

From iptables --list, I have:

    in INPUT (policy DROP)
    target     prot opt source               destination 
    ACCEPT     all  --  anywhere             anywhere    
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    ACCEPT     icmp --  anywhere             anywhere    
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:54000
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:51000
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:30000
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:54001
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pago-services1
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:54000
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:commplex-main
    INPUT_direct  all  --  anywhere             anywhere            

There is no network interface involved. (BTW, for this line: ACCEPT all -- anywhere anywhere, what does it mean? Does it accept all protocols and all ports?)

So what can I modify to allow any traffic related to the loopback interface lo? Thanks!

misteryes

Posted 2013-05-07T10:33:04.030

Reputation: 2 255

Can't see anything that would block traffic. (Been a while since I used iptables.) See if your app works after iptables --flush. If not, then iptables isn't the problem. – jpaugh – 2013-05-07T10:40:20.773

What does iptables --flush mean? – misteryes – 2013-05-07T11:01:32.503

And from iptables --list, why is there no network interface involved? What does the first line ACCEPT all -- anywhere anywhere mean? – misteryes – 2013-05-07T11:02:24.660

iptables --flush deletes all tables. That makes your network completely unfiltered. (It's only temporary, and can be undone with iptables-restore.) Unless you've configured NAT, or something like that with iptables, then it should let your application work. – jpaugh – 2013-05-07T11:03:24.337

How about my second question? Thanks – misteryes – 2013-05-07T11:29:17.613

Why do you think this is iptables? You'd need a "REJECT" rule, which you don't have, and the RST is what you'd get if nothing was actually listening on the port. Check that first (with netstat). That aside, absolutely all of your rules are ACCEPT; what makes you think that anything should ever be dropped/rejected? – Gabe – 2013-05-07T16:23:47.997
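To tell the two explanations raised in the comments apart (a firewall dropping the SYN versus nothing listening on the port), here is an added Python check that is not part of the original thread. It binds a throwaway listener on 127.0.0.1 and classifies a connect attempt as accepted (SYN/ACK came back), refused (the kernel's RST, which is what a closed port returns, and also what a REJECT rule with tcp-reset returns) or timed out (no answer at all, typical of a DROP rule). The function names and the use of an ephemeral port instead of the question's 54000 are my own choices.

```python
import socket


def classify_connect(host, port, timeout=2.0):
    """Try one TCP connect and report how the kernel answered.

    'accepted'  -> SYN/ACK came back: a listener exists and the firewall let the SYN through
    'refused'   -> RST came back (ECONNREFUSED): closed port, or a REJECT rule with tcp-reset
    'timed_out' -> no answer at all: typical of a DROP rule or a silently discarded SYN
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "accepted"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timed_out"
    finally:
        s.close()


def with_listener(port, fn):
    """Run fn(bound_port) while a listener is bound on 127.0.0.1:port (port 0 = kernel picks one).

    No accept() is needed: the kernel completes the handshake for sockets in the backlog,
    so the client side sees SYN/ACK exactly as it would against a real server.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(1)
    bound_port = srv.getsockname()[1]
    try:
        return fn(bound_port)
    finally:
        srv.close()


def demo(port=0):
    """Probe the same loopback port with and without a listener; returns (with, without)."""
    bound_port, while_listening = with_listener(
        port, lambda p: (p, classify_connect("127.0.0.1", p)))
    # The listener is closed now: a SYN to the same port is answered with RST by the kernel.
    after_close = classify_connect("127.0.0.1", bound_port)
    return while_listening, after_close


if __name__ == "__main__":
    print(demo())  # ('accepted', 'refused') on a host whose loopback traffic is not filtered
```

If the second result is "refused" rather than "timed_out" for the port in question, the RST is coming from the TCP stack, not from a DROP rule, which is the situation the tcpdump capture above shows.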

Answers

3

About your second question, give this command a try:

    iptables -L -v

-L is equivalent to --list and -v gives you a more verbose output and will display the interface concerned by your rule.

P.S.: I know it is an old post, but this answer would have helped me 2 days ago, so ...

saintjames

Posted 2013-05-07T10:33:04.030

Reputation: 31