Re: ping sendto: operation not permitted

To: Tommi Virtanen <tv@debian.org>
Cc: <debian-firewall@lists.debian.org>
Subject: Re: ping sendto: operation not permitted
From: <bauer@michaelbauer.com>
Date: Sat, 3 Aug 2002 22:36:51 -0400 (EDT)
Message-id: <[🔎] Pine.LNX.4.33.0208032213310.11679-100000@akari.michaelbauer.com>
In-reply-to: <[🔎] 20020804001636.GA20128@ki.yok.utu.fi>

Thanks.  That was precisely the problem.  The only question was how was I 
getting these firewall rules set this way.  The problem (other than my 
knowing just enough to get into trouble) was that I was in some way 
running "two" firewalls at once.  I installed both IPMASQ and and BASTILLE 
for the firewalls.  I mistakenly thought I needed IPMASQ to run BASTILLE.  
I finally ended up removing IPMASQ and BASTILLE completely then installing 
IPMASQ just by itself.  After days of agony it came up instantly.

I love Bastille for the things that it teaches you about security and for 
the extra things it does for you like turning off SUID for certain 
operations, diabling gcc, and setting tight permissions for files.  I'm 
sure there's a right way to do this out-of-the-box, but I didn't seem to 
do it that way.  

You know, after all the pain of learning dselect (which should take a 
lesson in text-based user interfaces from Bastille), not having the
equivalent of chkconfig from what I could tell, and being mistaken in 
thinking that everything to define networking is in a single file called 
"interfaces", I certainly hope the apt package is worth it.  Debian 
definitely beats RH with apt.  Too bad they couldn't beat it in these 
other areas.  

On Sun, 4 Aug 2002, Tommi Virtanen wrote:

> On Sat, Jul 27, 2002 at 01:12:44AM -0400, bauer@michaelbauer.com wrote:
> >  Let me start by saying I know just enough about Linux to be
> > dangerous.  I have switched to Debian because I've heard so many
> > wonderful things about apt.  After more than a week trying to get
> > things installed I have to say it's been a less than satifying
> > experience.  Certainly a lot of that had to do with trying to do the
> > download over a 56k dialup.  Still, the interface to dselect is
> > nowhere near as nice as something like the InteractiveBastille
> > interface.  Not having something like chkconfig is also a real pain.
> > Nevertheless, I'm almost there but have kind of hit a wall and
> > decided I needed to get some help.
> > So, I am trying to install woody as a firewall for my home.  I've
> > been a bit confused about how to do this.  I've had success with
> > bastille before and thought I'd try that again.  This seemed to be
> > working out, but I got confused and am not sure I completed this
> > correctly.  I don't really understand if bastille is enough, or I
> > had to run ipmasq as well or what.  Anyway, I've tried to turn the
> > firewall off so I can just connect.  I am not being successful at
> > this.  I got pretty far but after getting an IP address from my ISP
> > via dhcp I try to do a simple ping to the ISP gateway and get the
> > message:
> > 
> >   ping sendto: operation not permitted
> 
> 	sendto(2) system call failed with errno EPERM,
> 	operation not permitted => reason is in the
> 	local firewall rules, chain OUTPUT.
> 
> 	Otherwise the sendto(2) would have succeeded,
> 	and the error would come in an ICMP error packet.
> 
> 

-- 
--------------------------------------------------------------------------
Michael Bauer     bauer@michaelbauer.com       http://www.michaelbauer.com

Reply to:

References:
- Re: ping sendto: operation not permitted
  - From: Tommi Virtanen <tv@debian.org>

Prev by Date: Re: ping sendto: operation not permitted
Next by Date: Re: Using pptp through kernel 2.2 or 2.4
Previous by thread: Re: ping sendto: operation not permitted
Next by thread: IP Forwarding - Need a guru.
Index(es):
- Date
- Thread