I setup a loopback device following [this guide](https://www.thegeekdiary.com/how-to-create-virtual-block-device-loop-device-filesystem-in-linux/) . The device is OK, but only writable for root. I searched solutions and found some answer such as using fusermount, fstab etc., e.g. [this one](https://unix.stackexchange.com/questions/46423/mounting-and-modifying-a-loopback-file-without-sudo-root-is-it-possible) . I would like to know specifically: 1. Requiring root to _create_ the device is **not** a problem, but it must be writable for normal users after mounted. 2. I hope **avoid** using /etc/fstab, because all I need is to do it spontaneously, or in a shellscript, where I have neither a fixed loopback image nor a fixed mount point.

I have the following IPv4 rules: 1. `iptables -t nat -A PREROUTING -d "server ipv4" -p tcp -m tcp --dport 80 -i eth0 - j DNAT --to-destination 127.0.0.1:55555` 2. iptables -P INPUT ACCEPT In addition, I have a simple proxy that listens on the localhost address: 127.0.0.1:55555 In IPv4 it is working well. When I tried to do the same in IPv6: 1. iptables -t nat -A PREROUTING -d "server ipv6 " -p tcp -m tcp --dport 80 -i eth0 -j DNAT --to-destination [::1]:55555 2. ip6tables -P INPUT ACCEPT I can't get it to work! I was able to make it work with: 1. --to-destination ["link-local IPv6"]:55555 2. --to-destination ["Server IPv6"]:55555 When I turn on forwarding and add some log line in filter-table, forward-chain. 1. echo 1 > /proc/sys/net/ipv6/conf/all/forwarding 2. ip6tables -I FORWARD -j LOG --log-prefix='[filter FORWARD] ' I can see the packet. > [268332.372177] [filter FORWARD] IN=eth0 OUT=eth0 > MAC=be:69:fd:2a:9e:bd:0a:08:f1:46:19:a1:86:df SRC= > DST=0000:0000:0000:0000:0000:0000:0000:0001 LEN=80 TC=0 HOPLIMIT=63 > FLOWLBL=0 PROTO=TCP SPT=42082 DPT=55555 WINDOW=28800 RES=0x00 SYN > URGP=0 I can see that the OUT interface is "eth0" and not "lo", and the kernel think that the packet is not intended for this server. I have centOS 7, and I did try this in Ubuntu 16 as well.

On a FreeBSD system with a loopback network interface ...

% ifconfig lo0      
lo0
	link up loopback drv_running running multicast
	nd6 performnud auto_linklocal no_radr
	link rxcsum txcsum hwcsum rxcsum_ipv6 txcsum_ipv6
	link address  metric 0 mtu 16384 
		type 24 linkstate 0 physical 0 baudrate 0 
	inet4 address 127.0.0.1 prefixlen 8 bdaddr 127.0.0.1 
	inet6 address ::1 scope 0 prefixlen 128 bdaddr ::1 scope 0 
	inet6 address fe80::1 scope 3 prefixlen 64 
	inet6 address ::2 scope 0 prefixlen 128 
	inet4 address 127.53.0.1 prefixlen 8 bdaddr 127.53.0.1 
	inet4 address 127.53.1.1 prefixlen 8 bdaddr 127.53.1.1 
%

... pinging the IP address 127.0.0.2, which is not assigned to that (or to any other) network interface results in failure:

% ping -c 1 127.0.0.2  
PING 127.0.0.2 (127.0.0.2): 56 data bytes
ping: sendto: Network is unreachable

--- 127.0.0.2 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
% 

The same is true for OpenBSD:

% ping -c 1 127.0.0.2      
PING 127.0.0.2 (127.0.0.2): 56 data bytes
ping: sendto: Network is unreachable
ping: wrote 127.0.0.2 64 chars, ret=-1
--- 127.0.0.2 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
% 

But on Linux where there is similarly no 127.0.0.2 configured ...

% ifconfig lo
lo
	link up loopback running
	link address 00:00:00:00:00:00 bdaddr 00:00:00:00:00:00 
	inet4 address 127.0.0.1 prefixlen 8 bdaddr 127.0.0.1 
	inet4 address 127.53.0.1 prefixlen 8 bdaddr 127.255.255.255 
	inet6 address ::2 scope 0 prefixlen 128 
	inet6 address fe80:: scope 1 prefixlen 10 
	inet6 address ::1 scope 0 prefixlen 128 
% 

... the ping is surprisingly successful:

% ping -c 1 127.0.0.2
PING 127.0.0.2 (127.0.0.2) 56(84) bytes of data.
64 bytes from 127.0.0.2: icmp_seq=1 ttl=64 time=0.044 ms

--- 127.0.0.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.044/0.044/0.044/0.000 ms
% 

How come? # Related questions * "https://unix.stackexchange.com/q/508007/5132 " — the very roundabout question, asking for an explanation of "virtual interfaces", that this question asks straightforwardly * "https://unix.stackexchange.com/q/169410/5132 " — several questions in one, rather than one question per question, and _not in fact answered_ by the purported duplicate * "https://unix.stackexchange.com/q/347825/5132 " — a question about why on Linux the lo interface seems to _also_ control the pingability of IP addresses that are assigned to _other_ network interfaces (behaviour that is similarly not what one gets on the BSDs) * "https://unix.stackexchange.com/q/140008/5132 " — a question about _non-loopback_ behaviour # Other references * Jonathan de Boyne Pollard (2019). [ifconfig](http://jdebp.eu./Softwares/nosh/guide/commands/ifconfig.xml) . _nosh Guide_. Softwares.

I have read the other issues/answers that seem similar to this, but I do not see a match. I have a VNC server running on a unix system. It is listening on 127.0.0.1. I need to be able to connect to the VNC server from an outside system whose IP is not fixed. I want to have the connection via ssh and to keep the VNC server from being seen openly (hence binding to 127.0.0.1). I am using windows 11 with putty as my VNC Client. The VNC server is on a unix system. If I start the VNC server without binding it to 127.0.0.1 (it binds to the external normal IP address) and specify a tunnel on my putty session, then it connects fine. When I bind to the 127.0.0.1 interface and attempt to connect using port 5901, I get a message saying: The connection was dropped by the server before the session could be established. My question is how do I use ssh to forward the connection from host:5901 to localhost:5901 On the sever side? OR can I configure sshd on the server to 'bridge' the unencrypted localhost:5901 to the encrypted host:5901? I am not using '-localhost' on the VNC Server. I am using '-interface 127.0.0.1'. Thanks!

how to check how many loop-devices in a linux system are possible to use? i need this in a script, are not more than X possible, than end the script with some message...

I would like to "overwrite" IP addresses that already exists on the public internet. So, I want to create multiple loopback interfaces on a machine, so I can ping any IP address that I configure from other machines in the same local network, as long as there is a static route configured to the machine containing the loopbacks. What would be the best method, using iproute2? It seems I can create a dummy interface, but also a veth (virtual Ethernet) interface. Is one of these the best solution, or would something else be preferred?

I'm running protonmail-bridge on a server on my home network, and I'd like to have several other machines utilize it as their IMAP/SMTP server without having to run duplicate copies of the bridge everywhere. However, as near as I can tell, protonmail-bridge does not offer any configuration options to instruct it to listen for traffic anywhere except the local loopback interface. I understand the desire to avoid exposing it to public networks, and anticipate the lack of configurability is for that purpose, but if any of the machines I want to connect to it on my home network are compromised, my perimeter is already breached in a much more serious way and so I am unconcerned by the security implications. In attempting to make the protonmail-bridge service accessible, I've tried a number of approaches. I also run an NGinX server on that box, and I initially attempted to set that up as a mail proxy, only to discover the amount of work required is unreasonable (completely removing my existing NGinX service, working around issues with repos I've run into to download new binaries, getting proper flags to compile with the mail extension, etc.). After concluding that approach was excessive, I started trying to reconfigure firewalld (it's a centos 7 box) to assign both loopback and my NIC to the same zone and do port forwarding; that consistently failed as well. Out of curiosity, I explored setting up socat, and succeeded with the following command:

socat -d -d -lmlocal2 TCP4-LISTEN:25,bind=100.100.181.49,su=nobody,fork,range=100.100.181.0/24,reuseaddr TCP4:127.0.0.1:1025

Through that, I was able to telnet to my local NIC's address and reach the protonmail-bridge server. However, I dislike the idea of daemonizing a pair of permanent socat processes just to make this operable. I found a suggestion on doing this with IPTables (in this answer ) and so I shut down firewalld and migrated to using iptables directly. However, having implemented an equivalent rule for my network, I continue to get connection refused when trying to reach the protonmail-bridge service via my internal NIC's address. Is there any way to actually do this by configuring my centos box's built-in services and standard services like iptables or network manager, or do the OS and tools' internal limitations around considering loopback traffic martian mean I will inevitably have to set up some daemons and keep socat tunnels up permanently for both SMTP and IMAP traffic?

I have a stereo. I like it, because the sound is nice, but it's not quite sophisticated engineered: It has an internal USB Card soldered on some board, directly outputting audio to the power amp. Well.. both devices, the USB card and the power amp have their own volume control, and they are (how smart) not in sync. I already hacked the remote , so that it can receive volume commands. Now I want to implement some kind of sync for convenience. Both of my audio sources (shairport-sync and spotifyd) do already support controlling the ALSA volume sliders, so that pressing the volume buttons on my smartphone forwards the signals to the ALSA device (you can verify this with alsamixer). My best guess is something like this: I've never worked with ALSA before and I just started to get familiar with the architecture, but I haven't found any solution yet that would help me implementing this 'Forward' arrow in the graphics. I could deal with the sync script myself, but I honestly have no idea where to start with the ALSA part.

I would like to know if it is possible in linux to receive an UDP packet in userspace that has a 127.0.0.0/8 dst address but coming from an external interface. I tested it with nc and I can see although nc binds to all addresses it doesn't receive the packet. On *Device 1* I manipulated the local routing table to route this packet to desired interface then I send a test packet. **Device 1**:

frr:~# ip route show table local 
...  
127.1.1.1 nhid 17  encap mpls  16 via 10.10.10.5 dev eth5
...
frr:~# echo "foo" | nc -w1 -u -v -s 3.3.3.3 127.1.1.1 3503

**Device 2**:

frr:~# nc -l -u -p 3503

The following packet is generated and captured in wireshark on Device 2 interface: I know that according to RFC 1812 this should never happen. On the other hand this is a valid use case according RFC4379 . The trick here that the packet I'm sending is actually not IP routed but MPLS switched and on the last hop the MPLS label is missing due to PHP (Penultimate Hop Popping) and the goal of using 127.0.0.0/8 address as dst is to make sure that when label stack runs out or no valid nexthop then the router will not forward based on IP address but process the packet. This is called MPLS OAM or LSP Ping.

I recently had a login loop that kept sending me back to the login screen no matter how many times I entered the correct password. I decided to login accessing the terminal directly by pressing cntrl+alt+F1, where I entered my username and password. After doing so, I got the following message: Signature not found in user keyring Perhaps try the interactive 'encryptfs-mount-private' To run a command as administrator (user "root"), use "sudo commando". See "man sudo_root" for details. In any case, I could now access the terminal. However, my

/home/

folder didn't have the files that are usually there, there were just the usual folders (Desktop, Downloads, Videos, etc.) and two new files:

.txt

and

-Your-Private-Data.desktop

. To access the latter, it asked me for my login passphrase, which I don't remember, if I ever set one. After looking for info online I launched the command

chmod 777 /home/

and now I can login through the login screen, but the desktop has the default wallpaper and none of the folders I usually have there. The

/home/

folder is just the same, with the two new files and none of the usual ones. Any idea what is going on and how could I solve it? I'm using Linux mint. Thank you for your responses.

I have an ffmpeg script to do my screencasts. I have Debian 9 at the office and Xubuntu 18.04 at home. On those two operating systems, the following works to record system audio and from my microphone. pacmd set-default-source alsa_output.pci-0000_00_14.2.analog-stereo.monitor ffmpeg \ -thread_queue_size 4096 -f alsa -ac 1 -ar 48000 -i default \ -thread_queue_size 4096 -f alsa -ac 1 -ar 48000 -i plughw:CARD=Device,DEV=0 \ -filter_complex amix=inputs=2 \ -thread_queue_size 4096 -f x11grab -r 30 -s 1920x1080 -i $DISPLAY+1920,0 \ -c:v libx264 -crf 20 -preset veryfast \ -c:a aac -ac 2 -b:a 192k \ -pix_fmt yuv420p -movflags faststart \ ~/Desktop/out.mp4 This uses the pulse 'Monitor of Built-in Audio' to capture desktop audio. Unfortunately, on Debian 10, Xubuntu 19.04 & 19.10, and on Fedora 30, when I want to end my screen recording and press q it does not stop properly. It hangs. Then I have to use ctrl+c multiple times to get back to the prompt. It kills my script and does not run the needed following commands. I will report this bug as soon as I get a chance. I am not sure if it is an ALSA or Pulse bug. I do not think it is an ffmpeg bug because I had the same ffmpeg version on both Debian 9 and Debian 10, and it only occured on Debian 10 and not Debian 9. I have a Lenovo ThinkCentre. There is a front and back audio out and microphone 3.5mm jack. I used a 3.5mm cable to route audio out back in to the microphone jack. It worked, but the audio was poor quality. To do this I used -f alsa -i plughw:CARD=Generic,DEV=0 in my ffmpeg command. By using the ALSA device name, it did not hang on Xubuntu 19.10, etc. I have therefore been trying to get the ALSA Loopback device to work to record the system audio. I have not been able to get it to record at all. I am loading the snd-aloop kernel module at boot. I have tried various configuration options in my ~/.asoundrc including at the bottom of the page here and also here . Here is the output of arecord -L on my system. default Playback/recording through the PulseAudio sound server null Discard all samples (playback) or generate zero samples (capture) pulse PulseAudio Sound Server sysdefault:CARD=Loopback Loopback, Loopback PCM Default Audio Device front:CARD=Loopback,DEV=0 Loopback, Loopback PCM Front speakers surround21:CARD=Loopback,DEV=0 Loopback, Loopback PCM 2.1 Surround output to Front and Subwoofer speakers surround40:CARD=Loopback,DEV=0 Loopback, Loopback PCM 4.0 Surround output to Front and Rear speakers surround41:CARD=Loopback,DEV=0 Loopback, Loopback PCM 4.1 Surround output to Front, Rear and Subwoofer speakers surround50:CARD=Loopback,DEV=0 Loopback, Loopback PCM 5.0 Surround output to Front, Center and Rear speakers surround51:CARD=Loopback,DEV=0 Loopback, Loopback PCM 5.1 Surround output to Front, Center, Rear and Subwoofer speakers surround71:CARD=Loopback,DEV=0 Loopback, Loopback PCM 7.1 Surround output to Front, Center, Side, Rear and Woofer speakers dmix:CARD=Loopback,DEV=0 Loopback, Loopback PCM Direct sample mixing device dmix:CARD=Loopback,DEV=1 Loopback, Loopback PCM Direct sample mixing device dsnoop:CARD=Loopback,DEV=0 Loopback, Loopback PCM Direct sample snooping device dsnoop:CARD=Loopback,DEV=1 Loopback, Loopback PCM Direct sample snooping device hw:CARD=Loopback,DEV=0 Loopback, Loopback PCM Direct hardware device without any conversions hw:CARD=Loopback,DEV=1 Loopback, Loopback PCM Direct hardware device without any conversions plughw:CARD=Loopback,DEV=0 Loopback, Loopback PCM Hardware device with all software conversions plughw:CARD=Loopback,DEV=1 Loopback, Loopback PCM Hardware device with all software conversions sysdefault:CARD=Generic HD-Audio Generic, ALC662 rev3 Analog Default Audio Device front:CARD=Generic,DEV=0 HD-Audio Generic, ALC662 rev3 Analog Front speakers dmix:CARD=Generic,DEV=0 HD-Audio Generic, ALC662 rev3 Analog Direct sample mixing device dmix:CARD=Generic,DEV=2 HD-Audio Generic, ALC662 rev3 Alt Analog Direct sample mixing device dsnoop:CARD=Generic,DEV=0 HD-Audio Generic, ALC662 rev3 Analog Direct sample snooping device dsnoop:CARD=Generic,DEV=2 HD-Audio Generic, ALC662 rev3 Alt Analog Direct sample snooping device hw:CARD=Generic,DEV=0 HD-Audio Generic, ALC662 rev3 Analog Direct hardware device without any conversions hw:CARD=Generic,DEV=2 HD-Audio Generic, ALC662 rev3 Alt Analog Direct hardware device without any conversions plughw:CARD=Generic,DEV=0 HD-Audio Generic, ALC662 rev3 Analog Hardware device with all software conversions plughw:CARD=Generic,DEV=2 HD-Audio Generic, ALC662 rev3 Alt Analog Hardware device with all software conversions sysdefault:CARD=Device USB PnP Audio Device, USB Audio Default Audio Device front:CARD=Device,DEV=0 USB PnP Audio Device, USB Audio Front speakers surround21:CARD=Device,DEV=0 USB PnP Audio Device, USB Audio 2.1 Surround output to Front and Subwoofer speakers surround40:CARD=Device,DEV=0 USB PnP Audio Device, USB Audio 4.0 Surround output to Front and Rear speakers surround41:CARD=Device,DEV=0 USB PnP Audio Device, USB Audio 4.1 Surround output to Front, Rear and Subwoofer speakers surround50:CARD=Device,DEV=0 USB PnP Audio Device, USB Audio 5.0 Surround output to Front, Center and Rear speakers surround51:CARD=Device,DEV=0 USB PnP Audio Device, USB Audio 5.1 Surround output to Front, Center, Rear and Subwoofer speakers surround71:CARD=Device,DEV=0 USB PnP Audio Device, USB Audio 7.1 Surround output to Front, Center, Side, Rear and Woofer speakers iec958:CARD=Device,DEV=0 USB PnP Audio Device, USB Audio IEC958 (S/PDIF) Digital Audio Output dmix:CARD=Device,DEV=0 USB PnP Audio Device, USB Audio Direct sample mixing device dsnoop:CARD=Device,DEV=0 USB PnP Audio Device, USB Audio Direct sample snooping device hw:CARD=Device,DEV=0 USB PnP Audio Device, USB Audio Direct hardware device without any conversions plughw:CARD=Device,DEV=0 USB PnP Audio Device, USB Audio Hardware device with all software conversions sysdefault:CARD=U0x46d0x825 USB Device 0x46d:0x825, USB Audio Default Audio Device front:CARD=U0x46d0x825,DEV=0 USB Device 0x46d:0x825, USB Audio Front speakers surround21:CARD=U0x46d0x825,DEV=0 USB Device 0x46d:0x825, USB Audio 2.1 Surround output to Front and Subwoofer speakers surround40:CARD=U0x46d0x825,DEV=0 USB Device 0x46d:0x825, USB Audio 4.0 Surround output to Front and Rear speakers surround41:CARD=U0x46d0x825,DEV=0 USB Device 0x46d:0x825, USB Audio 4.1 Surround output to Front, Rear and Subwoofer speakers surround50:CARD=U0x46d0x825,DEV=0 USB Device 0x46d:0x825, USB Audio 5.0 Surround output to Front, Center and Rear speakers surround51:CARD=U0x46d0x825,DEV=0 USB Device 0x46d:0x825, USB Audio 5.1 Surround output to Front, Center, Rear and Subwoofer speakers surround71:CARD=U0x46d0x825,DEV=0 USB Device 0x46d:0x825, USB Audio 7.1 Surround output to Front, Center, Side, Rear and Woofer speakers iec958:CARD=U0x46d0x825,DEV=0 USB Device 0x46d:0x825, USB Audio IEC958 (S/PDIF) Digital Audio Output dmix:CARD=U0x46d0x825,DEV=0 USB Device 0x46d:0x825, USB Audio Direct sample mixing device dsnoop:CARD=U0x46d0x825,DEV=0 USB Device 0x46d:0x825, USB Audio Direct sample snooping device hw:CARD=U0x46d0x825,DEV=0 USB Device 0x46d:0x825, USB Audio Direct hardware device without any conversions plughw:CARD=U0x46d0x825,DEV=0 USB Device 0x46d:0x825, USB Audio Hardware device with all software conversions I did the following test run with the loopback devices listed. None of the following recorded the audio I was playing. ffmpeg -f alsa -i loopin -t 10 1.wav ffmpeg -f alsa -i loopout -t 10 2.wav ffmpeg -f alsa -i sysdefault:CARD=Loopback -t 10 3.wav ffmpeg -f alsa -i front:CARD=Loopback,DEV=0 -t 10 4.wav ffmpeg -f alsa -i surround21:CARD=Loopback,DEV=0 -t 10 5.wav ffmpeg -f alsa -i surround40:CARD=Loopback,DEV=0 -t 10 6.wav ffmpeg -f alsa -i surround41:CARD=Loopback,DEV=0 -t 10 7.wav ffmpeg -f alsa -i surround50:CARD=Loopback,DEV=0 -t 10 8.wav ffmpeg -f alsa -i surround51:CARD=Loopback,DEV=0 -t 10 9.wav ffmpeg -f alsa -i surround71:CARD=Loopback,DEV=0 -t 10 10.wav ffmpeg -f alsa -i dmix:CARD=Loopback,DEV=0 -t 10 11.wav ffmpeg -f alsa -i dmix:CARD=Loopback,DEV=1 -t 10 12.wav ffmpeg -f alsa -i dsnoop:CARD=Loopback,DEV=0 -t 10 13.wav ffmpeg -f alsa -i dsnoop:CARD=Loopback,DEV=1 -t 10 14.wav ffmpeg -f alsa -i hw:CARD=Loopback,DEV=0 -t 10 15.wav ffmpeg -f alsa -i hw:CARD=Loopback,DEV=1 -t 10 16.wav ffmpeg -f alsa -i plughw:CARD=Loopback,DEV=0 -t 10 17.wav ffmpeg -f alsa -i plughw:CARD=Loopback,DEV=1 -t 10 18.wav I noticed that pavucontrol did not have any loopback devices listed. So, I ran the following pactl load-module module-loopback. Now it is only listed under the Playback tab and none of the other ones. I have been testing all of this on Xubuntu 18.04, but I also have a Xubuntu 19.10 install. In the past I have tried using ffmpeg with the pulse device, i.e. from pacmd list-sources. This created a 1-2 second delay on the system audio being recorded.

I can use ip addr add 130.100.0.5/32 dev lo to create a loopback interface. However, if I use /etc/sysconfig/network-scripts/ifcfg-lo to config it, it doesn't show up:

DEVICE=lo
IPADDR=130.100.0.5
NETMASK=255.255.255.255
ONBOOT=yes
NAME=myloopback:1

Let me open by saying I have scoured the internet, even companies I purchased the software from and it's been 5 months!! So I am turning to the community as my eyes and brain are bleeding from reading and trying this long getting no where. In short, can this be done, YES. Apparently I am too stupid to do it, however at least I have a huge knowledge of iptables now :-) My requirement: I use protonmail for my email. If you didn't know, it's so secure, that you have to run a "bridge software" running on each machine that needs to send/receive email. I simply want to send emails from myself, to myself, for my smart home, cameras, alerts, etc etc. As you can imagine I can not install this software on 20 devices let alone cameras!!! So I need a single linux server running this software to act as the email "hub" My network is 192.168.10.0/24 no vlans, no complications (pfsense as my router/firewall) I am using mxlinux / debian as my "email host" 192.168.10.106 IMAP is listening on port 1143 SMTP is listening on port 1025 All I wanted to do was make it so that ANY device on my network can use 192.168.10.106 to send emails using SMTP on port 1025. Thought this would be easy..but noooooooooooooooooooo simply because the damn software will ONLY listen on 127.0.0.1 !!! I can not change it to something like 0.0.0.0 etc. First you should know I contacted protonmail directly as it's a paid email service they actually have techs that know what they are doing and talk with you. However, they feel it's a "security risk" to allow their service to listen on 0.0.0.0 so the code will not allow this to be changed. I did the below on the "email server / 192.168.10.106" 1. Edited /etc/sysctl.conf and uncommented the # in front of net.ipv4.ip_forward=1 2. Updated iptables sudo iptables -t nat -A PREROUTING -i eth0 -p tcp -s 192.168.10.0/24 --dport 1025 -j DNAT --to-destination 127.0.0.1:1025 sudo iptables -t nat -A POSTROUTING -o lo -p tcp --dport 1025 -j SNAT --to-source 192.168.10.106 sudo iptables -A FORWARD -i eth0 -o lo -p tcp --dport 1025 -j ACCEPT 3. Make my entries save on reboot and it's going to ask me if I want to save my above tables, I need to say yes, so I will: sudo apt install iptables-persistent 4. Go into MX "firewall configuration" and turn off "public, private and office", basically turn off the firewall 5. Reboot the computer OK now listing out after a reboot it looks like this. I tried from a windows computer on my network 192.168.10.50 to telnet and as you can see I am seeing packets but it's not working :-( :-( :-( :-( :-( :-( :-( :-( :-( :-( :-(

sudo iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 15748 packets, 1719K bytes)
 pkts bytes target     prot opt in     out     source               destination
    5   260 DNAT       tcp   --  eth0  *       192.168.10.0/24      0.0.0.0/0 tcp dpt:1025 to:127.0.0.1:1025

Chain INPUT (policy ACCEPT 15748 packets, 1719K bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 730 packets, 73256 bytes)
 pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 730 packets, 73256 bytes)
 pkts bytes target     prot opt in     out     source               destination

    0     0 SNAT       tcp  --  *      lo      0.0.0.0/0            0.0.0.0/0 tcp dpt:1025 to:192.168.10.106

This is me testing the service on the local host email computer

$ telnet 127.0.0.1 1025
Trying 127.0.0.1... Connected to 127.0.0.1.
Escape character is '^]'.
220 127.0.0.1 ESMTP Service Ready

Notice the dropped packets in eth0 received side

$ uname -a
Linux email 5.10.0-23-amd64 #1 SMP Debian 5.10.179-2 (2023-07-14) x86_64 GNU/Linux

bob@email:~ $ ifconfig
eth0: flags=4163 mtu 1500
        inet 192.168.10.106 netmask 255.255.255.0 broadcast 192.168.10.255
        ether 00:0c:29:63:d5:4f txqueuelen 1000 (Ethernet)
        RX packets 126620 bytes 24077186 (22.9 MiB)
        RX errors 0 dropped 6447 overruns 0 frame 0
        TX packets 30080 bytes 3728557 (3.5 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73 mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        loop txqueuelen 1000 (Local Loopback)
        RX packets 57 bytes 4931 (4.8 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 57 bytes 4931 (4.8 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

None of the above worked so I tried different variations. I also found a command I was suggested to use that did not seem to help but tried it anyway. sysctl -w net.ipv4.conf.eth0.route_localnet=1

I have a question about routing between different network devices within the same Linux host: I created a Geneve network device (and this example is not related to Geneve tunnel; it's just that I happened to create the network link of Geneve type) and assigned an IP address to that device using the following command:

ip link add dev geneve0 type geneve dstport 6081 external
ip link set dev geneve0 up
ip addr add dev geneve0 10.0.0.1/30

When I checked the routing table and here are the outputs:

[root@9097d4d76e67 /]# ip route show table main
default via 172.19.0.1 dev eth0 
10.0.0.0/30 dev geneve0 proto kernel scope link src 10.0.0.1 
172.19.0.0/16 dev eth0 proto kernel scope link src 172.19.0.3

However, when tested out

[root@9097d4d76e67 /]# ip route get 10.0.0.1   
local 10.0.0.1 dev lo src 10.0.0.1 uid 0 
    cache

And it looks like the packet with daddr of 10.0.0.1 should be routed to the lo interface? Why is that? I did some research, and it seem relating to the local routing table

[root@9097d4d76e67 /]# ip route show table local
local 10.0.0.1 dev geneve0 proto kernel scope host src 10.0.0.1 
broadcast 10.0.0.3 dev geneve0 proto kernel scope link src 10.0.0.1 
...

So I guess kernel decide to use local routing table to route the packets, and I understand that local routing table has a higher priority. My question is: what I should do to force the packets being routed to geneve0 device? I tried deleting that rule from local routing table (I am not sure if I am supposed to do that):

[root@9097d4d76e67 /]# ip route del table local 10.0.0.1 dev geneve0
[root@9097d4d76e67 /]# ip route get 10.0.0.1                        
10.0.0.1 dev geneve0 src 10.0.0.1 uid 0 
    cache

Now ip route seems returns correct device However, when I tested out with real traffic, when the packets are reaching eth0, and then are DNAT to 10.0.0.1 ip ip table rule in PREROUTING stage, and the packets that are DNATed are not routed to geneve0 device as I would expect, anyone knows why? Is it related to ARP?

I've done an ssh remote port forwarding:

@host1.a.com% ssh -R 127.0.0.1:11999:host2.a.com:99 me@host3.b.com

My understanding is that this creates a TCP socket on host3.b.com's localhost port 11999. I then checked that from host3.b.com I can indeed access the service exposed at host3.b.com's localhost port 11999. I've also checked that I can login to host3.b.com with a different ssh session (thus creating a new login shell) and can also access the service exposed at host3.b.com's localhost port 11999. This kind of scares me. I naively thought I'd get a different loopback interface for each login shell, but apparently not. My question is: what about other people who can log into host3.b.com like my friend buddy and my enemy aHacker? Do they get assigned to the same loopback interface that I get when I log into host3.b.com? Or do they get their own private loopback interfaces and can't see my open port on my host3.b.com's localhost:11999? Is there a way to make sure that I'm the only user who can access a forwarded port?

So far I use multicast with ipv4 and it works; all involved computers run linux. I listen on two machines and send on one of those two (in a separate terminal). In the below example 'Hello 1' is received on the sending machine (strawberry) and on the remote machine (ero).

ero:~$ sudo ip addr add 224.4.19.42 dev enp4s0 autojoin
ero:~$ netcat -l -k -u -p 9988

strawberry:~ $ sudo ip addr add 224.4.19.42 dev wlan0 autojoin
strawberry:~ $ netcat -l -k -u -p 9988

strawberry:~ $ echo "Hello 1" | netcat -s 192.168.178.109 -w 0 -u 224.4.19.42 9988

With ipv6 it works as long as only remote machines listen; 'Hello 2' in the below example is received by ero. Once the sender (strawberry) has also joined the multicast group, neither the sender (strawberry) nor the remote machine (ero) receives 'Hello 3':

ero:~$ sudo ip addr add ff05:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:4141 dev enp4s0 autojoin
ero:~$ netcat -l -k -u -p 9988

strawberry:~ $ echo "Hello 2" | netcat -w 0 -s 2001:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:76d0 -u ff05:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:4141 9988

strawberry:~ $ sudo ip addr add ff05:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:4141 dev wlan0 autojoin
strawberry:~ $ netcat -l -k -u -p 9988

strawberry:~ $ echo "Hello 3" | netcat -w 0 -s 2001:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:76d0 -u ff05:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:4141 9988

Maybe of interest: when I do not provide a sender address, i.e., no -s option, then the ipv4 example shows the same behaviour as ipv6: message only received as long as strawberry has not joined the multicast group. Thus I tried different sending addresses with ipv6: the global address shown in the example (2001:...), a unique local address (ULA; fd00:...) and a link-local address (LLA; fe80:...). Neither helps. Any hints what I am doing wrong?

After I upgraded to Fedora Linux 36 from 34 (first to 35) I'm getting an issue I had not faced before. The lo interface is losing its inet address and that's causing issues with programs that make heavy use of internal networking like IntelliJ Idea. This is what it looks like right now

lo: flags=73  mtu 65536
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 945854  bytes 68873995 (65.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 945854  bytes 68873995 (65.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

If I run sudo ifconfig lo down && sudo ifconfig lo up then lo gets its address back but if I hibernate the laptop it loses the address again and programs start to crash and not work correctly. Also, after restarting the interface I need to restart the docker service too otherwise I can't access the containers normally. Anyways, I'm not sure why this started happening but I want to fix it, any ideas why it might be happening? Please let me know if you need me to provide more details.

We are seeing UDP packets being reordered and duplicated when being sent over lo. We can see this because we're sending MPEG transport streams, which have their own sequence number in their headers, though it can also be seen by sending the traffic as RTP and seeing packets come in reordered that way. This may be potentially related to this question, though we are not doing large writes, as we're using code that sends data over networks, so our packets fit in 1500 byte frames. We've tried configuring RFS with the default suggested configurations (our lo has only one rx-queue), but this doesn't seem to make a difference. This seems to occur regardless of application, whether its our own UDP/RTP code or an application like srt-live-transmit (we didn't test FFMPEG but it probably behaves similarly). This is on Redhat 8.3 (kernel 4.18.0-240.15.1.el8_3).

I'm trying to modify the network behaviour of my server(s), to simulate *external/WAN connection behaviours* (what ever that means). After doing tc qdisc add dev lo root netem delay 100ms, I can successfully add 100ms delay to all traffic from (and to?) 127.0.0.1. E.g. ping 127.0.0.1 will have 200ms response time. However, this also affect my traffic to other interfaces. For example, I have interface eth1 with IP address 192.168.0.1 on the current server A. If I do ping 192.168.0.1, it will also have the 100ms delay (resulting in 200ms response time). I'm confused by this behaviour. I would expect lo has nothing to do with eth1, but it seems not to be the case. I assume this means Linux kernel automatically identifies 192.168.0.1 is a local address, and re-routes all traffic (originally to eth1) to lo? And if so, is there a way to **disable** this behaviour? ---- Background: I would like to simulate *external network* behaviour even when processes on server A want to communicate to each other (through TCP/IP on the given local addresses and ports, of course). Essentially I want to add delay to eth1, but that's above this question (see my other question ). My servers are running Ubuntu 18.04, but I believe that does not matter.

I would like to add a second loopback network device on Linux, so that I have lo and (e.g.) lo2. This is so that I can use netem to simulate a throttled network over lo2 without compromising my standard loopback interface. Note that I can not use an alias interface here (such as lo:1) since netem will affect the underlying (lo) interface, not the interface alias. How can that be done?