The problem:
# ping google.com
PING google.com (64.233.167.99) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
# ifconfig |grep inet
inet addr:92.243.8.60 Bcast:92.243.15.255 Mask:255.255.248.0
# nmap -sP 92.243.8.0/24
[...]
Host xvm-8-64.ghst.net (92.243.8.64) appears to be up.
MAC Address: 00:16:3E:2F:2C:F4 (Xensource)
# ping 92.243.8.64
PING 92.243.8.64 (92.243.8.64) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I don't grasp why nmap can do its ping scan while ping itself cannot, but something is very wrong here. This is an almost virgin CentOS installation (three hours old, nothing changed, only a couple of packages added), so the problem comes from Gandi. Any ideas anyone?
Z
It still makes no sense to me, but perhaps it makes sense to somebody else. Note EPERM towards the end of line 5.
# strace -s 128 ping -n -d 64.233.167.99
[snipped loading libraries etc...]
gettimeofday({1213098634, 482222}, NULL) = 0
poll([{fd=3, events=POLLIN|POLLERR}], 1, 12) = 0
gettimeofday({1213098634, 501958}, NULL) = 0
gettimeofday({1213098634, 502023}, NULL) = 0
sendmsg(3, {msg_name(16)={sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("64.233.167.99")}, msg_iov(1)=[{"\10\0X\226\315\10\0\2\212jNH\7\251\7\0\10\t\n\v\f\r\16\17\20\21\22\23\24\25\26\27\30\31\32\33\34\35\36\37 !\"#$%&\'()*+,-./01234567", 64}], msg_controllen=0, msg_flags=0}, 0) = -1 EPERM (Operation not permitted)
recvmsg(3, 0xbfd5eb18, MSG_ERRQUEUE|MSG_DONTWAIT) = -1 EAGAIN (Resource temporarily unavailable)
dup(2) = 4
fcntl64(4, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE)
fstat64(4, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fc0000
_llseek(4, 0, 0xbfd5e7f4, SEEK_CUR) = -1 ESPIPE (Illegal seek)
write(4, "ping: sendmsg: Operation not permitted\n", 39ping: sendmsg: Operation not permitted
) = 39
close(4) = 0
Z
# iptables -t nat -F
# modprobe -rv iptable_nat
It works?
Same problem on a new server: after iptables -t nat -L
I get 'Operation not permitted' with ping.
After removing the iptable_nat module with
modprobe -rv iptable_nat
ping works fine?
Until I 'touch' the iptables configuration,
then the problem is back:
ping 'Operation not permitted'.
I asked Gandi Support about it and I got the answer that this is a problem with my iptables configuration … and they can't help me with that…
Why is the system behaving like this?
On a standard Linux distro this never happened?
Last modified: 15 Jun 2008 at 09:42 by Matthias H.
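The iptables -L in the first post lists only the filter table, while the later replies tie the failure to iptable_nat being loaded. As an added example that is not part of the thread, this POSIX shell helper reads /proc/modules-format text and prints the listing command for every table whose iptable_* module is loaded. The function names and the sample module list are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Constructed sample in /proc/modules format (name size refs deps state addr).
sample_modules() {
    cat <<'EOF'
iptable_nat 11205 0 - Live 0xee0a3000
ip_nat 20845 1 iptable_nat, Live 0xee0b1000
ip_conntrack 53025 2 iptable_nat,ip_nat, Live 0xee0c2000
iptable_filter 7105 1 - Live 0xee09a000
ip_tables 17029 2 iptable_nat,iptable_filter, Live 0xee08f000
x_tables 17349 2 iptable_nat,ip_tables, Live 0xee084000
EOF
}

# Print loaded netfilter table, NAT and conntrack modules read from stdin.
netfilter_modules() {
    awk '$1 ~ /^(iptable_|ip_nat|nf_nat|ip_conntrack|nf_conntrack)/ { print $1 }' |
        LC_ALL=C sort
}

# Turn iptable_<table> module names into the table names to inspect.
tables_to_inspect() {
    netfilter_modules | sed -n 's/^iptable_//p'
}

# Exit 0 when the module named in the thread (iptable_nat) is loaded.
nat_loaded() {
    netfilter_modules | grep -qx 'iptable_nat'
}

# Print one listing command per loaded table; plain "iptables -L"
# only covers the filter table.
commands_to_run() {
    tables_to_inspect | while read -r table; do
        echo "iptables -t $table -L -n -v"
    done
}

# Stand-alone use: report on the running kernel when /proc/modules exists.
if [ -r /proc/modules ]; then
    commands_to_run < /proc/modules
fi
```

Run it before and after modprobe -rv iptable_nat to confirm which tables the kernel actually has loaded at the moment ping returns EPERM.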