LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
LinkBack Search this Thread
Old 10-20-2009, 07:50 AM   #1
abusebeat
LQ Newbie
 
Registered: Oct 2009
Location: Vilnius, Lithuania
Posts: 5

Rep: Reputation: 0
package loss - ping: sendmsg: Operation not permitted


hello,
i ran into a problem. my HP ProLiant ML310 G5 server tends to loose packages. That happens with both interfaces. it's a proxy server and browsing gets impossible when that happens. here's some ping output:

~# ping google.com
PING google.com (74.125.53.100) 56(84) bytes of data.
64 bytes from pw-in-f100.google.com (74.125.53.100): icmp_seq=1 ttl=46 time=228 ms
ping: sendmsg: Operation not permitted
64 bytes from 74.125.53.100: icmp_seq=3 ttl=46 time=232 ms
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
64 bytes from 74.125.53.100: icmp_seq=6 ttl=46 time=235 ms
ping: sendmsg: Operation not permitted
64 bytes from pw-in-f100.google.com (74.125.53.100): icmp_seq=8 ttl=46 time=232 ms
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
64 bytes from 74.125.53.100: icmp_seq=13 ttl=46 time=235 ms
64 bytes from pw-in-f100.google.com (74.125.53.100): icmp_seq=14 ttl=46 time=228 ms

--------------------------------

:/# ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
64 bytes from 192.168.0.2: icmp_seq=2 ttl=64 time=0.129 ms
64 bytes from 192.168.0.2: icmp_seq=3 ttl=64 time=0.166 ms
64 bytes from 192.168.0.2: icmp_seq=4 ttl=64 time=0.146 ms
64 bytes from 192.168.0.2: icmp_seq=5 ttl=64 time=0.129 ms
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
64 bytes from 192.168.0.2: icmp_seq=9 ttl=64 time=0.138 ms
64 bytes from 192.168.0.2: icmp_seq=10 ttl=64 time=0.107 ms
64 bytes from 192.168.0.2: icmp_seq=11 ttl=64 time=0.141 ms
64 bytes from 192.168.0.2: icmp_seq=12 ttl=64 time=0.130 ms

maybe someone has any idea why this happens? after restart ping is ok for about 1 day to 1 week.
i'll be grateful for any help.
 
Old 10-20-2009, 11:27 AM   #2
eth1
Member
 
Registered: May 2008
Posts: 97

Rep: Reputation: 20
Post the output of the following,

Quote:
ifconfig
Quote:
iptables -L
Did you install any firewall such as Shorewall or any iptables rules ?
 
Old 10-21-2009, 01:46 AM   #3
abusebeat
LQ Newbie
 
Registered: Oct 2009
Location: Vilnius, Lithuania
Posts: 5

Original Poster
Rep: Reputation: 0
# ifconfig
eth0 Link encap:Ethernet HWaddr 00:18:71:ea:e5:e3
inet addr:89.117.106.137 Bcast:89.117.106.143 Mask:255.255.255.248
inet6 addr: fe80::218:71ff:feea:e5e3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:23834380 errors:0 dropped:0 overruns:0 frame:0
TX packets:19644488 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:20072667967 (18.6 GiB) TX bytes:3189597876 (2.9 GiB)
Memory:fdee0000-fdf00000

eth1 Link encap:Ethernet HWaddr 00:1e:0b:5c:e7:3c
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::21e:bff:fe5c:e73c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1300 Metric:1
RX packets:23395135 errors:30172 dropped:0 overruns:0 frame:30172
TX packets:29501081 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3548612778 (3.3 GiB) TX bytes:20376501079 (18.9 GiB)
Interrupt:16

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:289305 errors:0 dropped:0 overruns:0 frame:0
TX packets:289305 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:39804613 (37.9 MiB) TX bytes:39804613 (37.9 MiB)

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 -00
inet addr:10.1.0.1 P-t-P:10.1.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:17551 errors:0 dropped:0 overruns:0 frame:0
TX packets:19894 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:3270747 (3.1 MiB) TX bytes:3770380 (3.5 MiB)

tun1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 -00
inet addr:10.69.23.62 P-t-P:10.69.23.61 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:173622 errors:0 dropped:0 overruns:0 frame:0
TX packets:173586 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:10067286 (9.6 MiB) TX bytes:10002126 (9.5 MiB)


# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
LOG_DROP all -- loopback/8 anywhere
ACCEPT all -- anywhere 89.117.106.137 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere 89.117.106.137 udp dpt:domain
ACCEPT tcp -- anywhere 89.117.106.137 tcp dpt:ssh
ACCEPT all -- aii.alna.lt 89.117.106.137
ACCEPT all -- mail.veikia.net 89.117.106.137
ACCEPT all -- lan-84-240-5-213.vln.skynet.lt 89.117.106.137
ACCEPT all -- ird.vrm.lt 89.117.106.137
ACCEPT all -- mail2.officeday.lt 89.117.106.137
ACCEPT all -- 89.117.128.5 89.117.106.137
ACCEPT all -- libis.kretvb.lt 89.117.106.137
ACCEPT udp -- aii.alna.lt 89.117.106.137 udp dptpenvpn
ACCEPT udp -- lan09.maxi.lt 89.117.106.137 udp dptpenvpn
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere 89.117.106.137
DROP all -- anywhere anywhere
ACCEPT all -- anywhere 192.168.0.1

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain LOG_CT (0 references)
target prot opt source destination

Chain LOG_DROP (1 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere

Chain LOG_REJE (0 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

=================

no firewall. security based on iptables.

i don't think that the problem is with firewall, because there are two equal machines with same OS and same configuration. they are sharing the load, but i have no problem with other machine.
 
Old 10-21-2009, 08:46 AM   #4
abusebeat
LQ Newbie
 
Registered: Oct 2009
Location: Vilnius, Lithuania
Posts: 5

Original Poster
Rep: Reputation: 0
the same ping problem is when pinging 127.0.0.1
 
Old 09-16-2011, 06:55 PM   #5
Azendale
LQ Newbie
 
Registered: Sep 2011
Distribution: Ubuntu, Debian
Posts: 2

Rep: Reputation: Disabled
Smile

I too was having this problem. It turned out that conntrack's number of connections to track was set too low for the amount of connections I had. You can see if this is the case by looking at /var/log/syslog (or wherever syslog is on your system.) If you see the message "ip_conntrack: table full, dropping packet" you can know that is the problem.

To fix this, do something like "echo 200000 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max". Then set something like "net.ipv4.netfilter.ip_conntrack_max = 200000" in you /etc/sysctl.conf so the setting will be applied on every restart.

Hopefully that helps some very confused/frustrated people like me. Thanks to blog.rackcorp.com/?p=19 where I finally found the answer!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ping: sendmsg: operation not permitted br_sriram Linux - Networking 24 04-03-2011 11:12 AM
ath5k hostapd AP problem, ping: sendmsg: Operation not permitted bizoo Linux - Wireless Networking 1 07-22-2009 09:06 PM
sendmsg: Operation not permitted on wireless router joe-000 Linux - Wireless Networking 2 07-19-2008 12:53 PM
ping:sendmsg: operation not permitted jeejasmin Linux - Networking 7 04-03-2008 10:15 AM
ping: sendmsg: Operation not permitted kholloi Linux - Networking 0 05-02-2007 05:00 AM


All times are GMT -5. The time now is 02:19 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration