The ping error you are getting usually means a problem with the firewall rules. Since you found yourself unable to post configuration details, I can't say what the specific problem is.

One *guess* is that your ISP uses private addresses (NAT'ing them upstream of you for Internet access), and the firewalling built into Dachstein blocks traffic to/from those addresses on the external interface. Your reference to your "ISP's onsite router" makes me think this is a good *guess*.

If that is it, either insert a rule that ACCEPTs traffic on the relevant network (you can do this by hand for a test, then add it to, I think, /etc/network_direct.conf to automate it later) or switch to a drop-in firewall package (e.g., EchoWall) that checks the external network and ACCEPTs traffic to/from it automatically.

The rule for hand insertion is (approximately - this is from memory)

     ipchains -I input 1 -d exte.rnal.net.work/netmask -b -j ACCEPT

(I think Dachstein's built-in ruleset relies on the INPUT chain for private-address filtering, but you *may* need similar rules inserted into the forward and output chains too. Oh, of course, you need to replace exte.rnal.net.work/netmask above with the real values for your setup.)

All this is only a guess, though. To comment more definitely, we need *some* configuration info. It's likely the firewall ruleset that put you over the top, so try just posting

     output of "ip addr show"
     output of "netstat -nr"

At 03:21 PM 7/27/02 -0400, [EMAIL PROTECTED] wrote:
>Hello!
>
>I tried to post a request for help including all of the stuff the FAQ said
>I should include, and it was rejected for being too big (>64k). Here is
>my problem in a nutshell:
>I am a student, working for a small museum. Halfway through the summer,
>they decided to get a T1, and setting it up fell to me.
>The ISP's router was installed yesterday, and I've been working on setting
>up a Dachstein LEAF firewall for some time.
>It has two NICs, both of which are properly initialized by their own
>specific modules (which were both included, thankfully).
>It communicates flawlessly with the internal network, and all the internal
>computers are set up properly to use it as the default gateway.
>Unfortunately, the firewalling rules seem to be blocking all outbound
>traffic (I get ping error type 3 -- "ping: sendto: Operation not
>permitted")
>I can't ping, or, it seems, otherwise communicate with, our ISP's on site
>router, or anything beyond it on the net.
>I just need a simple setup to allow the basic, most common services
>through the firewall (email, web,...). I thought the configs would
>default to something like this, but that is apparently not the case, and I
>am very stuck.
>If any one is inclined to help, and wants more information, just ask, and
>I'll send it out ASAP. The staff of the National Ornamental Metal Museum
>(Memphis, TN) would be most grateful for any assistance - we've been
>email-less for three days!
>Thanks for reading!

--
-----------------------------------------------"Never tell me the odds!"--------------
Ray Olszewski                                        -- Han Solo
Palo Alto, California, USA                        [EMAIL PROTECTED]
-------------------------------------------------------------------------------------------
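An added example, not part of the thread: a small sh script that reads "ip addr show" output, checks whether the external interface's address lies in an RFC 1918 private range (the guess made in the reply), and if so prints the ipchains rule from the reply with the network filled in. The sample output is constructed, and treating eth0 as the external interface is an assumption.

```shell
#!/bin/sh
# Added example. SAMPLE is constructed "ip addr show" output; treating eth0
# as the external interface is an assumption, not something the thread states.
SAMPLE='1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:00:5e:00:53:01 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.2/24 brd 192.168.10.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:00:5e:00:53:02 brd ff:ff:ff:ff:ff:ff
    inet 10.20.30.254/24 brd 10.20.30.255 scope global eth1'

# inet_of IFACE: read "ip addr show" text on stdin, print IFACE's addr/prefix.
inet_of() {
    awk -v ifc="$1" '$1 == "inet" && $NF == ifc { print $2; exit }'
}

# is_private ADDR: succeed if ADDR is in 10/8, 172.16/12 or 192.168/16.
is_private() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$1" -eq 10 ] && return 0
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0
    [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 0
    return 1
}

# network_of ADDR/PREFIX: print the network address in CIDR form.
network_of() {
    addr=${1%/*}; bits=${1#*/}
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    net=$(( ip & (4294967295 << (32 - $bits)) & 4294967295 ))
    echo "$(( net >> 24 )).$(( (net >> 16) & 255 )).$(( (net >> 8) & 255 )).$(( net & 255 ))/$bits"
}

# suggest_rule IFACE: print the rule from the reply if IFACE is on a private net.
suggest_rule() {
    cidr=$(inet_of "$1")
    [ -n "$cidr" ] || { echo "no inet address found on $1"; return 1; }
    if is_private "${cidr%/*}"; then
        echo "ipchains -I input 1 -d $(network_of "$cidr") -b -j ACCEPT"
    else
        echo "$1 has a public address; the private-address guess does not apply"
    fi
}

printf '%s\n' "$SAMPLE" | suggest_rule eth0
```

On the router itself, pipe the real output in place of the sample: `ip addr show | suggest_rule eth0`, substituting the actual external interface name.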