At 02:24 PM 12/19/01 -0500, [EMAIL PROTECTED] wrote:
[...]
>I need a static Outside IP because it is actually the inside address of my 
>DMZ.
>So set it with 192.168.16.2/24
[...]
>I CAN NOT ping past the external card either from the Dachstein box or the 
>internal network.
>I CAN NOT telnet on any port past the external card either from the 
>Dachstein box or the internal network, so it is not just ICMP.
>The error is NOT a network unreachable error, and I think the IP is 
>configured right.
>The response from the failed ping says not permitted.

If the actual message is "sendto: operation not permitted" (quoting error
messages EXACTLY is always better than paraphrasing them), then this is most
likely a firewall problem. Especially since your external address is in the
private-address range, and stock LEAF firewalls block private-range
addresses on the external interface.

Check your firewall ruleset with "ipchains -L -n -v", and see if there is an
input-chain rule that ALLOWs 192.168.16.0/24 BEFORE the one that DENYs (or
REJECTs) 192.168.0.0/16 on the external interface. If there is, then you
have a different problem. If there isn't, then you need to add one ... I'm
not exactly sure what the best way is to do this. (One option is to use the
EchoWall firewall scripts, which handle the external interface differently.)


--
------------------------------------"Never tell me the odds!"---
Ray Olszewski                                        -- Han Solo
Palo Alto, CA                                    [EMAIL PROTECTED]        
----------------------------------------------------------------


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
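
The rule-ordering check described in the reply above, as an added example that is not part of the original message or of any LEAF script. The chain is a constructed, simplified model (interface name eth0, the rule list and the peer address 192.168.16.1 are assumptions), not real "ipchains -L -n -v" output:

```python
from ipaddress import ip_address, ip_network

# Constructed, simplified input chain: (target, interface, source network).
# Not the listing format of "ipchains -L -n -v"; transcribe rules from it by hand.
STOCK_LIKE = [
    ("DENY",   "eth0", "10.0.0.0/8"),
    ("DENY",   "eth0", "172.16.0.0/12"),
    ("DENY",   "eth0", "192.168.0.0/16"),
    ("ACCEPT", "eth0", "0.0.0.0/0"),
]
# Same chain with an ACCEPT for the DMZ subnet ahead of the private-range DENY.
WITH_DMZ_ACCEPT = (
    STOCK_LIKE[:2] + [("ACCEPT", "eth0", "192.168.16.0/24")] + STOCK_LIKE[2:]
)

BLOCKING = {"DENY", "REJECT"}


def first_match(chain, iface, src, policy="DENY"):
    """Return (index, target) of the first rule that matches the packet.

    The chain is evaluated top-down and the first matching rule decides,
    so a broad DENY placed early hides any narrower ACCEPT placed after it.
    """
    addr = ip_address(src)
    for i, (target, rule_if, net) in enumerate(chain):
        if rule_if == iface and addr in ip_network(net):
            return i, target
    return None, policy  # nothing matched: chain policy applies


def accept_precedes_block(chain, iface, subnet):
    """True if an ACCEPT covering `subnet` comes before any DENY/REJECT overlapping it."""
    want = ip_network(subnet)
    for target, rule_if, net in chain:
        if rule_if != iface:
            continue
        rule_net = ip_network(net)
        if target == "ACCEPT" and want.subnet_of(rule_net):
            return True
        if target in BLOCKING and want.overlaps(rule_net):
            return False
    return False


if __name__ == "__main__":
    for name, chain in (("stock-like", STOCK_LIKE), ("with DMZ accept", WITH_DMZ_ACCEPT)):
        print(name, first_match(chain, "eth0", "192.168.16.1"),
              accept_precedes_block(chain, "eth0", "192.168.16.0/24"))
```
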
