hi folks, i just wanted to say that you should keep in mind that there are different implementations for ping/traceroute. windows clients are using icmp packets while linux is using udp packets on port 33434+ (afair). so just try to ping through your firewall from a windows client. it should work if you set up ipchains to masq icmp echo-request packets and accept incoming echo-replys. greets jb -----Ursprüngliche Nachricht----- Von: Gerling, Stephan [mailto:gerling@kub.de] Gesendet: Donnerstag, 25. Mai 2000 12:40 An: 'suse-security@suse.com' Betreff: [suse-security] IPChains Hi list, I'am trying to set up an firewall with IPCHAINS. If the IPCHAINS-Script is not started, i kann do everything. (i use the same script on an other maschine and it works very fine and i want to change the maschines) But now wenn i start the script, the rules are loaded, but i cannot ping to the outside here the error messages ping wrote xxx.xxx.xxx.xxx 64 chars, ret=-1 ping sendto :Operating is not permitted ip-forwarding is enabled. Has anyone an idea. I'm going sick about this regards, Stephan Gerling