OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 19.1 Legacy Series »
  • sendto failed: Permission denied errno=13
« previous next »
  • Print
Pages: [1]

Author Topic: sendto failed: Permission denied errno=13  (Read 8702 times)

dirkhschulz

  • Newbie
  • *
  • Posts: 5
  • Karma: 0
    • View Profile
sendto failed: Permission denied errno=13
« on: May 08, 2019, 02:01:17 pm »
I have a new install of OpnSense 19.1.4 installed in a VM on KVM with lots of subnets behind it and WAN interface attached to a bridge where I can use iptables / ebtables, to log passing network packets.

Routing and similar stuff works fine, but local requests originating from the OpnSense are not leaving the OpnSense.

Example for unbound in forwrding mode reqesting the upstream server:
unbound: [25365:0] notice: sendto failed: Permission denied

Using telnet or openssl in the shell of the OpnSense leads to the same error.

I can see that
- these packages are logged in the firewall logs as leaving through the WAN interface
- these packages never show up on the bridge of the KVM server
- requests to the same targets from behind the OpnSense (from "inside") are routed to these target IPs perfectly and can be seen on ebtables / iptables as passing.

Funny thing is that Intrusion Detection is disabled, but these "permission denied" messages seem to always come from there if you google them.

Any hint or help would be appreciated.

Dirk
« Last Edit: May 12, 2019, 03:29:49 pm by dirkhschulz »
Logged

dirkhschulz

  • Newbie
  • *
  • Posts: 5
  • Karma: 0
    • View Profile
Re: sendto failed: Permission denied
« Reply #1 on: May 12, 2019, 03:26:49 pm »
This is rightout weird.

I have tried several setups (with public WAN IP, private WAN IP, whatever).

The symptom is always the same:

1. Every requests going outside via the WAN interface is blocked (permission denied, errno=13), even if the firewall is disabled completely (pfctl -d).
2a. I can add a floating rule for the connection to an external DNS server. As long as I explicitly define the DNS server as destination, DNS requests to the outside are working and can bee seen on the KVM servers bridge connected to the WAN interface.
2b. The floating rule does not work if destination is "any" - not even for DNS-Requests.
3. Whatever additional floating rules for destinations outside WAN interface I add to allow traffic - nothing works, noting reaches the KVM server's bridge.
4. The default behaviour "outgoing traffic via WAN interface accepted" does not work.

Anyone any idea out there?
Logged

dirkhschulz

  • Newbie
  • *
  • Posts: 5
  • Karma: 0
    • View Profile
Re: sendto failed: Permission denied errno=13 - I gave up
« Reply #2 on: May 13, 2019, 09:58:50 am »
I gave up on this. OpenBSD does the job von CentOS7&KVM pretty straightforward, so I give up on deploying OpnSense for this use case.
OpnSense is working really good in a VM on VMware (Fusion in my case) but version 19.1 is not usable on KVM on CentOS 7, as far as I can tell.
Logged

ssbarnea

  • Newbie
  • *
  • Posts: 24
  • Karma: 0
    • View Profile
Re: sendto failed: Permission denied errno=13
« Reply #3 on: September 04, 2019, 11:07:18 am »
I still see `notice: sendto failed: Permission denied` in the logs with 19.7 version without any clue of what can be wrong.
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 19.1 Legacy Series »
  • sendto failed: Permission denied errno=13
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2