Re: [Leaf-user] Firewall Setup

Mon, 14 Jan 2002 02:08:54 -0800 

Hi. The excerpt you quote looks like womething I wrote. If that's so ...

... what I was trting to indicate is that if the LEAF router has in place an
ipchains rule that DENYs input going to the address you try to ping (or,
possibly, to your gateway), you will get this message from sendto(). The
action you take in response is to inspect your actual firewall rulesets
(with "ipchins -L -n -v", assuming a 2.2.x kernel) and find the problem
rule. Once you find it, you can backtrack to the problem in the config files.

There is no such thing, **in general**, as "a set of Firewall rules that
will give me at least minimal access to the net". LEAF systems ... both
their out-of-the-box firewalling and add-ins like EchoWall and SeaWall ...
attempt to provide for setting up rulesets to handle the most common forms
of Internet connections. But you, or whoever is troubleshooting your
problem, needs to know what your setup is in order to figure out what
firewalling will work with it.

If you want to check access ***for test purposes only***, you can often do
so by making these changes to your ruleset:

        ipchains -P input ACCEPT
        ipchains -P ourput ACCEPT
        ipchains -F input
        ipchains -F output

This leaves in place ONLY your forward-chain rules, which handle NAT'ing.
But it is embarrassingly insecure, so I wouldn't recommend doing this except
for a brief test.

At 07:08 PM 1/13/02 -0600, [EMAIL PROTECTED] wrote:
>While sifting through docs I found this error which I have been receiving,
while trying to 
>ping any internet IP from the LRP box:
>sendto(): operation not permitted
>It says that this is the result of incorrect setup of the Firewall rules.
Where can I find some 
>documentation on setting up a set of Firewall rules that will give me at
least minimal access 
>to the net (www & email for now).  At least if I can get that working I can
slowly work 
>through the rest.  


--
------------------------------------"Never tell me the odds!"---
Ray Olszewski                                        -- Han Solo
Palo Alto, CA                                    [EMAIL PROTECTED]        
----------------------------------------------------------------


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Reply via email to