[lug] ping: sendto operation not permitted

Bill Gjestvang bill at uncultured.org
Mon Mar 22 19:23:39 MST 2004


If I understand correctly, the firewall can't ping its own internal
interface (eth1).
Your OUTPUT policy is accept, but your INPUT policy is DROP, and you have
nothing saying to allow packets related to what leaves via OUTPUT on the
internal side.
Maybe try throwing in a

$IPTABLES -A INPUT -i eth1 -d 10.0.0.1 -m state --state ESTABLISHED,RELATED -j ACCEPT
which is just a clone of your rule for "-i eth0 -d $myip", 5th from last.

-Bill Gjestvang

Ben Luey said:
> I must be doing something very dumb -- I'm getting an intermittent
> problem connecting to my internal network, it seems like a routing
> problem:
>
> ping 10.0.0.1
> ping: sento: Operation not Permitted
> ping: wrote: 10.0.0.1 64 chars, ret=-1
>
> I just set up Debian stable as a firewall, with eth0 a static ip to
> the internet, and eth1 a static ip for my internal network with ip
> 10.0.0.1. During the configuration I'd sometimes get this problem where
> the firewall ignores all internet network stuff. I can't ping anything
> and ip masq fails etc. But at other times it works fine. It looks like
> a route problem, but my route setup is:
>
> route -n
> Destination	Gateway	Genmask	Flags	Metric	Ref	Use	Iface
> 128.138.107.0	0.0.0.0	255.255.255.0 U 0	0	0	eth0
> 10.0.0.0	0.0.0.0	255.255.255.0 U 0	0	0	eth1
> 0.0.0.0		128.138.107.1	0.0.0.0.0  UG 0 0	0	eth0
>
> I don't think this has to do with my iptables configuration, but I've
> attached it in case. Any ideas on what to look for? I can't explain why
> sometimes everything works fine, and just when I'm done with the
> configuration, I get this problem.
>
> Thanks,
>
> Ben
>
> Ben Luey
> lueyb at jilau1.colorado.edu
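
Added example, not part of the original thread: a small audit of a ruleset in `iptables -S` format that lists the interfaces with no INPUT rule accepting ESTABLISHED/RELATED replies while the INPUT policy is DROP, which is the gap the reply above points at on eth1. The helper name, the sample ruleset and the placeholder external address 192.0.2.10 are assumptions made for the illustration.

```shell
# Constructed sample in `iptables -S` format, modelled on the setup described
# in the thread (192.0.2.10 is a placeholder for the external address).
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -d 192.0.2.10/32 -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT'

# Hypothetical helper: reads a ruleset on stdin and prints each interface
# named in "$@" that has no INPUT rule letting reply packets back in.
# Simplification: -s/-d and other matches on a rule are ignored.
ifaces_missing_reply_rule() {
    awk -v want="$*" '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" {
            iface = ""; stateful = 0; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-i") iface = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                # Both the old state match and conntrack are recognised.
                if (($i == "--state" || $i == "--ctstate") && $(i + 1) ~ /ESTABLISHED/)
                    stateful = 1
            }
            if (target != "ACCEPT") next
            # Length of a rule that matches on nothing but the interface.
            bare = (iface == "") ? 4 : 6
            key = (iface == "") ? "*" : iface
            # A stateful ACCEPT or an unconditional ACCEPT covers replies.
            if (stateful || NF == bare) covered[key] = 1
        }
        END {
            if (policy == "ACCEPT") exit   # replies are not dropped by policy
            n = split(want, w, " ")
            for (i = 1; i <= n; i++)
                if (!("*" in covered) && !(w[i] in covered)) print w[i]
        }'
}

# Stand-alone use on a live firewall (needs root):
#   iptables -S | ifaces_missing_reply_rule eth0 eth1
```

Run against the constructed sample, the helper reports eth1; after a rule like the one suggested in the reply is appended for eth1, it reports nothing.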
