AW: [suse-security] IPCHAINS again (because first mail was digita l signed)
Hi Carlos , your thougth is right. Here a little bit more Info's . Internet Private Network |-------| ------------| FW |----------- |-------| ip 212.185.40.xxx ip range 192.168.xxx.xxx i have icmp rules included but they dont work forwarding rule is masquerade all a ping from the private network to the FW internal NIC causes in an "request time out" also an ping from internal to external. from external i didnt testet it yet I think i beginn with an clean script from scratch. But i have a thinking problem with the masq. rules regards Stephan Gerling -----Ursprüngliche Nachricht----- Von: Carlos Manuel Duclos Vergara [mailto:carlos@embedded.cl] Gesendet: Freitag, 26. Mai 2000 08:40 An: Gerling, Stephan Betreff: Re: [suse-security] IPCHAINS again (because first mail was digital signed) El jue, 25 may 2000, escribiste:
Hi list, I'am trying to set up an firewall with IPCHAINS. If the IPCHAINS-Script is not started, i kann do everything. (i use the same script on an other maschine and it works very fine and i want to change the maschines) But now wenn i start the script, the rules are loaded, but i cannot ping to the outside here the error messages ping wrote xxx.xxx.xxx.xxx 64 chars, ret=-1 ping sendto :Operating is not permitted ip-forwarding is enabled. Has anyone an idea. I'm going sick about this regards, Stephan Gerling
Hi!!!! if you send us your rules, maybe we can see where the problem is.... but, my first thought is enabling icmp forwarding :-) does the other services work allright ? -- Carlos Manuel Duclos Vergara carlos@embedded.cl
as far as i remember, der is special ICMP masq support in kernel configuration ... try to enable this one! greets Markus Gaugusch _____________________________ Markus Gaugusch ICQ 11374583 markus@gaugusch.dhs.org
participants (2)
-
Gerling, Stephan
-
Markus Gaugusch