hi folks,
 
i just wanted to say that you should keep in mind that there are different implementations for ping/traceroute.
windows clients are using icmp packets while linux is using udp packets on port 33434+ (afair).
so just try to ping through your firewall from a windows client. it should work if you set up 
ipchains to masq icmp echo-request packets and accept incoming echo-replys.
 
greets
 
jb
-----Ursprüngliche Nachricht-----
Von: Gerling, Stephan [mailto:gerling@kub.de]
Gesendet: Donnerstag, 25. Mai 2000 12:40
An: 'suse-security@suse.com'
Betreff: [suse-security] IPChains

Hi list,
I'am trying to set up an firewall with IPCHAINS.
If the IPCHAINS-Script is not started, i kann do everything. (i use the same script on an other
maschine and it works very fine and i want to change the maschines)
But now wenn i start the script, the rules are loaded, but i cannot ping to the outside

here the error messages
                ping wrote  xxx.xxx.xxx.xxx 64 chars, ret=-1
                ping sendto :Operating is not permitted

ip-forwarding is enabled.

Has anyone an idea. I'm going sick about this

regards,    Stephan Gerling