The ping error you are getting usually means a problem with the firewall 
rules. Since you found yourself unable to post configuration details, I 
can't say what the specific problem is.

One *guess* is that your ISP uses private addresses (NAT'ing them upstream 
of you for Internet access), and the firewalling built into Dachstein 
blocks traffic to/from those addresses on the external interface. Your 
reference to your "ISP's onsite router" makes me think this is a good *guess*.

If that is it, either insert a rule that ACCEPTs traffic on the relevant 
network (you can do this by hand for a test, then add it to, I think, 
/etc/network_direct.conf to automate it later) or switch to a drop-in 
firewall package (e.g., EchoWall) that checks the external network and 
ACCEPTs traffic to/from it automatically.

The rule for hand insertion is (approximately - this is from memory)

         ipchains -I input 1 -d exte.rnal.net.work/netmask -b -j ACCEPT

(I think Dachstein's built-in ruleset relies on the INPUT chain for 
private-address filtering, but you *may* need similar rules inserted into 
the forward and output chains too. Oh, of course, you need to replace 
exte.rnal.net.work/netmask above with the real values for your setup.)

All this is only a guess, though. To comment more definitely, we need 
*some* configuration info. It's likely the firewall ruleset that put you 
over the top, so try just posting

         output of "ip addr show"
         output of "netstat -nr"

At 03:21 PM 7/27/02 -0400, [EMAIL PROTECTED] wrote:
>Hello!
>
>I tried to post a request for help including all of the stuff the FAQ said
>I should include, and it was rejected for being too big (>64k).  Here is
>my problem in a nutshell:
>I am a student, working for a small museum.  Halfway through the summer,
>they decided to get a T1, and setting it up fell to me.
>The ISP's router was installed yesterday, and I've been working on setting
>up a Dachstein LEAF firewall for some time.
>It has two NICs, both of which are properly initialized by their own
>specific modules (which were both included, thankfully).
>It communicates flawlessly with the internal network, and all the internal
>computers are set up properly to use it as the default gateway.
>Unfortunately, the firewalling rules seem to be blocking all outbound
>traffic (I get ping error type 3 -- "ping: sendto: Operation not
>permitted")
>I can't ping, or, it seems, otherwise communicate with, our ISP's on site
>router, or anything beyond it on the net.
>I just need a simple setup to allow the basic, most common services
>through the firewall (email, web,...).  I thought the configs would
>default to something like this, but that is apparently not the case, and I
>am very stuck.
>If any one is inclined to help, and wants more information, just ask, and
>I'll send it out ASAP.  The staff of the National Ornamental Metal Museum
>(Memphis, TN) would be most grateful for any assistance - we've been
>email-less for three days!
>Thanks for reading!


--
-----------------------------------------------"Never tell me the odds!"--------------
Ray Olszewski                                        -- Han Solo
Palo Alto, California, USA                              [EMAIL PROTECTED]
-------------------------------------------------------------------------------------------
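
The check suggested in the reply above, as an added example that is not part of the original message: it reads "ip addr show" output, tests whether the external interface sits in RFC 1918 private space, and prints the test rule with the network filled in. The interface name eth0, the sample address and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of "ip addr show" output; eth0 as the external NIC is an assumption.
SAMPLE='2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
    inet 10.20.30.2/29 brd 10.20.30.7 scope global eth0'

# A.B.C.D -> 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> A.B.C.D
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# ADDR/LEN -> NETWORK/LEN (host bits cleared)
network_of() {
    addr=${1%/*}; len=${1#*/}
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    echo "$(int_to_ip $(( $(ip_to_int "$addr") & mask )))/$len"
}

# Succeeds if ADDR ($1) lies inside NET/LEN ($2)
in_net() { [ "$(network_of "$1/${2#*/}")" = "$2" ]; }

# Succeeds if ADDR is in RFC 1918 private space
is_rfc1918() {
    in_net "$1" 10.0.0.0/8 || in_net "$1" 172.16.0.0/12 || in_net "$1" 192.168.0.0/16
}

# Reads "ip addr show" text on stdin, prints the first inet ADDR/LEN on interface $1
ext_cidr() { awk -v ifc="$1" '$1 == "inet" && $NF == ifc { print $2; exit }'; }

# Prints (never runs) the test rule from the message, filled in for interface $1
suggest_rule() {
    cidr=$(ext_cidr "$1")
    [ -n "$cidr" ] || { echo "no inet address found on $1" >&2; return 1; }
    if is_rfc1918 "${cidr%/*}"; then
        echo "ipchains -I input 1 -d $(network_of "$cidr") -b -j ACCEPT"
    else
        echo "# $cidr is not RFC 1918 space; the private-address guess does not apply"
    fi
}

printf '%s\n' "$SAMPLE" | suggest_rule eth0
```

On a live box, pipe the real command in place of the sample: `ip addr show | suggest_rule eth0`.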


