ping: sendmsg: operation not permitted
Dear Friends,
My Intel (865GBF) system runs Mandrake 10.0 Official. It was having one D-Link LAN Card and worked fine as our server. We wanted to attach an ADSL to it and so we have added another LAN Card (This time Realtek). The configuration of the new LAN Card is all right, i suppose. But, later, both of the LAN cards refuse to work. I have removed the new Lan Card but, still my Lan does not work. I am able to ping 127.0.0.1 and the server IP 192.168.2.3 (original IP of the same server). When I ping other machine on the Lan, I am getting the following error: From 192.168.2.3 icmp_seq=1 Destination Host Unreachable Ping: sendmsg: Operation not permitted Anyone to help? Thanks and regards, Sriram. |
Please post the output of "ifconfig"
|
Thanks Avatar,
Here is the ifconfig result. As the server on which the linux runs is not networked, I had to type the ifconfig output manually to post it here.... :(( So, please forgive the spelling mistakes, if any. ----------- #ifconfig eth0 Link encap:Ethernet HWaddr 00:80:48:35:EC:64 inet addr:192.168.2.3 Bcast:192.168.2.255 Mask: 255.255.255.0 inet6 addr: fe80::280:48ff:fe35:ec64/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:763 errors:0 dropped:0 overruns:0 frame:0 TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:61237 (59.8 Kb) TX bytes:678 (678.0 b) Interrupt:18 Base address:0xec00 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.255.255.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:62 errors:0 dropped:0 overruns:0 frame:0 TX packets:62 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:4598 (4.4 Kb) TX bytes:4598 (4.4 Kb) ----------- Thanks in advance. Sriram. |
Well, everything looks good... except the mask for lo should be 255.0.0.0
Let's do the obvious first.. I assume you checked the cables are plugged in securely, and you have also tried a known good cable to the LAN switch. I also assume you tried shutting down and restarting the server. What is "route -n?" (sorry, this will mean more typing, but it might help) |
Hi Avatar,
Thanks for your quicker reply. If I have to change the lo's Mask, how can I do that? Secondly, the cable are tested and good ones. I restarted my Linux box several times. The output of 'route -n' is given below. ------ #route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface ------ I think the output of route -n must be something more. But, I dont get any result than the above. I logged in as root user only to generate this empty output.!!! Thanks and regards, Sriram. |
To change the mask for lo, type this
"ifconfig lo netmask 255.0.0.0" Yes route -n should have some routes in it! Here is mine, for example. Code:
[root@IBMFB1L0DH etc]# route -n try to add some routes to your routing table. More information can be found in the man pages for route, and here: http://linux-ip.net/html/tools-ip-route.html "route add 192.168.2.0 netmask 255.255.255.0 gw 0.0.0.0" "route add 127.0.0.0 netmask 255.0.0.0 gw 0.0.0.0" "route add 0.0.0.0 netmask 0.0.0.0 gw 192.168.2.3" Note; gateway for the last one should be the IP for whatever machine serves the Internet/DNS - if it's you, your own IP. Try it and see if it helps. |
Avatar,
Thanks for your quick reply. I applied ifconfig to change the netmask of lo. It did change the netmask. I tried applying the commands "route add 192.168.2.0 netmask 255.255.255.0 gw 0.0.0.0" etc, but, it did not get through. I got the error message while running the above command. It is : --- route: netmask 000000ff doesn't make sense with host route. --- The rest of the error message is the "man" pages of route. Please help. Thanks, Sriram. |
Avatar,
I searched the man pages and found that 'route add' command example. I modified your command to look like the following. -- route add -net 192.168.2.0 netmask 255.255.255.0 eth0 -- Note that I have added -net portion on your command and removed gw portion, instead added eth0. When I tried the above command, I got the following error: --- SIOCADDRT: File exists --- Please help. Thanks, Sriram. |
Avatar,
I read the man pages carefully and ran the commands to create routes. Now my route -n looks like this. What next has to be done? Can you makeout anything further? ---------- # route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 192.168.2.3 0.0.0.0 UG 0 0 0 eth0 ---------- Please help. Thanks, Sriram. |
Good, glad you got some routing tables set up. Now... what happens when you try to connect? Like if you try to ping another computer on the same subnet? Ping 192.168.2.XXX?
|
Avatar,
When I ping'ed 192.168.2.80, I got the following (same) reply. ----- Ping: sendmsg: Operation not permitted From 192.168.2.3 icmp_seq=1 Destination Host Unreachable. ----- Please help. Thanks, Sriram. |
Also make sure your "named" service is running (DNS)
|
Blast! Hm.... don't worry we will find the solution just give me a moment
|
Avatar,
Thank you very much for your help and hopes. But, how to find out if the named service is running? Thanks, Sriram. |
What about IPTABLES? Do you have a firewall running and if so, try clearing it. Check with the command "iptables -L INPUT" and "iptables -L OUTPUT" to see if there are any DENY rules.
(More on iptables command options: http://www.faqs.org/docs/iptables/commands.html) |
named:
"service named status" or "service named start" |
Avatar,
The 'named' service was down and I restarted it. But, there is no improvement. I have tried the iptables -L INPUT and Output commands. The following are the results. ------ #iptables -L INPUT Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere DROP !icmp -- anywhere anywhere state INVALID common all -- anywhere anywhere LOG all -- anywhere anywhere LOG level info prefix 'Shorewall:INPUT:REJECT:' reject all -- anywhere anywhere #iptables -L OUTPUT Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere DROP !icmp -- anywhere anywhere state INVALID common all -- anywhere anywhere LOG all -- anywhere anywhere LOG level info prefix 'Shorewall:INPUT:REJECT:' reject all -- anywhere anywhere ------ Thanks, Sriram. |
Avatar,
Thanks for all your helps...!!! The firewall Shorewell was enabled and I stopped it and immediately I could ping both ways. Thank you very much and I appreciate. Thanks. Sriram. |
Avatar,
I am going to physically connect the second LAN card now on the machine. What are the issues I have to take care? I want both of the LAN cards work in tandem and the second one should be our Internet Gateway. Please throw some light. TIA, Sriram. |
Glad you got your problem solved! I can't believe I didn't think of that as I also had to disable shorewall on my server.
For your 2 network cards I have the same setup, with eth1 connected to the LAN and eth0 connected to the ADSL modem (Internet.) Eth1 static IP address is be on the same subnet, and your clients' gateway should be the IP address on the LAN side. Eth0 is connected via ppp0 and has a dynamic, public IP address assigned by the ISP. (so don't give it a static IP address). Internet -- eth0 (ppp0) -- server -- eth1 -- LAN Here's my ifconfig, in case it helps. Code:
[root@localhost etc]# ifconfig |
Hi Avatar,
Thanks for your reply. In my ifconfig, pppo is not listed. How can i get it listed? TIA, Sriram. |
Hi, I've a similar problem to br_sriram
When I ping any ip address, I receive the same message operation not permitted I've Fedora 4, and it was working until I update the kernel to 2.6-1.16 I update the kernel via a rpm downloaded from de fedora web page. I try to disable iptables, but this don't work for me .. any help ?? |
I have the same problem me too, except it's only for one of two nic's. I have currently flushed and rebuilt my routing tables, and iptables is empty with default INPUT, OUTPUT, FORWARD set to ACCEPT.
I can ping with my first nic, and get reasonable responses, but with my second nic i get ping: sendmsg: Operation not permitted. and that goes not only for ping, it seems to be something blocking the damn thing, and i can't figure out what :( |
The title of the thread is such and the content good so it comes on google easy.
I just thought it was worth adding to all this that quite often on a LAN the ping error is due to the firewall not letting anything out, and as shorewall is used by many, worth saying "have a look in /etc/shorewall/policy or rules and be sure to have" ACCEPT fw net all (that is accept all outgoing traffic from the fw to the net. It is better than stopping shorewall all together. To restart, as root service shorewall restart (once rules or policy are edited) But you might want to be more granulous than that... |
ping not allowed
hi
I have belkin g router and there's in settings is yes/not allow wan pinging...that's why i'we get that message too.Everything else work's. Check this setting. good luck! |
All times are GMT -5. The time now is 08:06 AM. |