ping: sendmsg: operation not permitted
 

Dear Friends,

My Intel (865GBF) system runs Mandrake 10.0 Official. It was having one D-Link LAN Card and worked fine as our server. We wanted to attach an ADSL to it and so we have added another LAN Card (This time Realtek). The configuration of the new LAN Card is all right, i suppose. But, later, both of the LAN cards refuse to work. I have removed the new Lan Card but, still my Lan does not work.

I am able to ping 127.0.0.1 and the server IP 192.168.2.3 (original IP of the same server).

When I ping other machine on the Lan, I am getting the following error:

From 192.168.2.3 icmp_seq=1 Destination Host Unreachable
Ping: sendmsg: Operation not permitted

Anyone to help?
Thanks and regards,
Sriram.

Please post the output of "ifconfig"

Thanks Avatar,

Here is the ifconfig result. As the server on which the linux runs is not networked, I had to type the ifconfig output manually to post it here.... :(( So, please forgive the spelling mistakes, if any.
-----------
#ifconfig
eth0 Link encap:Ethernet HWaddr 00:80:48:35:EC:64
inet addr:192.168.2.3 Bcast:192.168.2.255 Mask: 255.255.255.0
inet6 addr: fe80::280:48ff:fe35:ec64/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:763 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:61237 (59.8 Kb) TX bytes:678 (678.0 b)
Interrupt:18 Base address:0xec00

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.255.255.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:62 errors:0 dropped:0 overruns:0 frame:0
TX packets:62 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4598 (4.4 Kb) TX bytes:4598 (4.4 Kb)


-----------




Thanks in advance.
Sriram.

Well, everything looks good... except the mask for lo should be 255.0.0.0

Let's do the obvious first.. I assume you checked the cables are plugged in securely, and you have also tried a known good cable to the LAN switch.

I also assume you tried shutting down and restarting the server.

What is "route -n?" (sorry, this will mean more typing, but it might help)

Hi Avatar,
Thanks for your quicker reply.

If I have to change the lo's Mask, how can I do that?

Secondly, the cable are tested and good ones. I restarted my Linux box several times. The output of 'route -n' is given below.

------
#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
------

I think the output of route -n must be something more. But, I dont get any result than the above. I logged in as root user only to generate this empty output.!!!

Thanks and regards,
Sriram.

To change the mask for lo, type this
"ifconfig lo netmask 255.0.0.0"

Yes route -n should have some routes in it! Here is mine, for example.

Note; my computer is a client, not a server.

try to add some routes to your routing table. More information can be found in the man pages for route, and here: http://linux-ip.net/html/tools-ip-route.html

"route add 192.168.2.0 netmask 255.255.255.0 gw 0.0.0.0"
"route add 127.0.0.0 netmask 255.0.0.0 gw 0.0.0.0"
"route add 0.0.0.0 netmask 0.0.0.0 gw 192.168.2.3"

Note; gateway for the last one should be the IP for whatever machine serves the Internet/DNS - if it's you, your own IP.

Try it and see if it helps.

Avatar,
Thanks for your quick reply.

I applied ifconfig to change the netmask of lo. It did change the netmask.

I tried applying the commands "route add 192.168.2.0 netmask 255.255.255.0 gw 0.0.0.0" etc, but, it did not get through. I got the error message while running the above command.

It is :
---
route: netmask 000000ff doesn't make sense with host route.
---
The rest of the error message is the "man" pages of route.

Please help.

Thanks,
Sriram.

Avatar,

I searched the man pages and found that 'route add' command example. I modified your command to look like the following.

--
route add -net 192.168.2.0 netmask 255.255.255.0 eth0
--
Note that I have added -net portion on your command and removed gw portion, instead added eth0. When I tried the above command, I got the following error:

---
SIOCADDRT: File exists
---


Please help.

Thanks,
Sriram.

Avatar,

I read the man pages carefully and ran the commands to create routes. Now my route -n looks like this. What next has to be done? Can you makeout anything further?

----------
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.2.3 0.0.0.0 UG 0 0 0 eth0
----------

Please help.

Thanks,
Sriram.

Good, glad you got some routing tables set up. Now... what happens when you try to connect? Like if you try to ping another computer on the same subnet? Ping 192.168.2.XXX?

Avatar,

When I ping'ed 192.168.2.80, I got the following (same) reply.
-----
Ping: sendmsg: Operation not permitted
From 192.168.2.3 icmp_seq=1 Destination Host Unreachable.
-----
Please help.

Thanks,
Sriram.

Also make sure your "named" service is running (DNS)

Blast! Hm.... don't worry we will find the solution just give me a moment

Avatar,
Thank you very much for your help and hopes.

But, how to find out if the named service is running?

Thanks,
Sriram.

What about IPTABLES? Do you have a firewall running and if so, try clearing it. Check with the command "iptables -L INPUT" and "iptables -L OUTPUT" to see if there are any DENY rules.

(More on iptables command options: http://www.faqs.org/docs/iptables/commands.html)

named:

"service named status" or "service named start"

Avatar,
The 'named' service was down and I restarted it. But, there is no improvement. I have tried the iptables -L INPUT and Output commands. The following are the results.

------
#iptables -L INPUT
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP !icmp -- anywhere anywhere state INVALID
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix 'Shorewall:INPUT:REJECT:'
reject all -- anywhere anywhere


#iptables -L OUTPUT
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP !icmp -- anywhere anywhere state INVALID
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix 'Shorewall:INPUT:REJECT:'
reject all -- anywhere anywhere



------

Thanks,
Sriram.

Avatar,

Thanks for all your helps...!!! The firewall Shorewell was enabled and I stopped it and immediately I could ping both ways.

Thank you very much and I appreciate.

Thanks.
Sriram.

Avatar,

I am going to physically connect the second LAN card now on the machine. What are the issues I have to take care? I want both of the LAN cards work in tandem and the second one should be our Internet Gateway. Please throw some light.

TIA,
Sriram.

Glad you got your problem solved! I can't believe I didn't think of that as I also had to disable shorewall on my server.

For your 2 network cards I have the same setup, with eth1 connected to the LAN and eth0 connected to the ADSL modem (Internet.)

Eth1 static IP address is be on the same subnet, and your clients' gateway should be the IP address on the LAN side.

Eth0 is connected via ppp0 and has a dynamic, public IP address assigned by the ISP. (so don't give it a static IP address).

Internet -- eth0 (ppp0) -- server -- eth1 -- LAN

Here's my ifconfig, in case it helps.

Hi Avatar,

Thanks for your reply. In my ifconfig, pppo is not listed. How can i get it listed?

TIA,
Sriram.

Hi, I've a similar problem to br_sriram
When I ping any ip address, I receive the same message
operation not permitted

I've Fedora 4, and it was working until I update the kernel to 2.6-1.16
I update the kernel via a rpm downloaded from de fedora web page.

I try to disable iptables, but this don't work for me ..

any help ??

I have the same problem me too, except it's only for one of two nic's. I have currently flushed and rebuilt my routing tables, and iptables is empty with default INPUT, OUTPUT, FORWARD set to ACCEPT.
I can ping with my first nic, and get reasonable responses, but with my second nic i get
ping: sendmsg: Operation not permitted.
and that goes not only for ping, it seems to be something blocking the damn thing, and i can't figure out what :(

The title of the thread is such and the content good so it comes on google easy.

I just thought it was worth adding to all this that quite often on a LAN the ping error
is due to the firewall not letting anything out, and as shorewall is used by many,
worth saying "have a look in /etc/shorewall/policy or rules and be sure to have"
ACCEPT fw net all
(that is accept all outgoing traffic from the fw to the net.
It is better than stopping shorewall all together. To restart, as root
service shorewall restart (once rules or policy are edited)
But you might want to be more granulous than that...

ping not allowed
 

hi
I have belkin g router and there's in settings is yes/not allow wan pinging...that's why i'we get that message too.Everything else work's.
Check this setting.

good luck!