On Mon 06 Jun 2016 at 18:47:30 (+0300), Reco wrote: > On Mon, Jun 06, 2016 at 03:57:47PM +0200, Santiago Vila wrote: > > On Mon, Jun 06, 2016 at 10:06:54AM +1200, Jan Bakuwel wrote: > > > Check your firewall rules. > > > > It can't be firewall rules. Try this to block outgoing ping: > > > > iptables -A OUTPUT -p icmp --icmp-type echo-request -j REJECT > > > > then try to ping anywhere. You will get a different error message, > > namely "Destination Port Unreachable". > > But if you transform the rule in question a little, like this: > > iptables -I OUTPUT -p icmp --icmp-type echo-request \ > -j REJECT --reject-with icmp-admin-prohibited > > ping will respond with 'Operation not permitted'. An exact wording of the > message seems to depend on actual ping implementation. > > So, checking firewall rules is a valid advice. It's just this particular > problem happens due to lack of file capabilities.
# iptables -I OUTPUT -p icmp --icmp-type echo-request -j REJECT --reject-with icmp-admin-prohibited $ ping alum.local PING alum.local (192.168.1.19) 56(84) bytes of data. >From 192.168.1.15 icmp_seq=1 Packet filtered >From 192.168.1.15 icmp_seq=1 Packet filtered >From 192.168.1.15 icmp_seq=1 Packet filtered >From 192.168.1.15 icmp_seq=1 Packet filtered >From 192.168.1.15 icmp_seq=1 Packet filtered >From 192.168.1.15 icmp_seq=1 Packet filtered >From 192.168.1.15 icmp_seq=1 Packet filtered >From 192.168.1.15 icmp_seq=1 Packet filtered >From 192.168.1.15 icmp_seq=1 Packet filtered >From 192.168.1.15 icmp_seq=1 Packet filtered >From 192.168.1.15 icmp_seq=1 Packet filtered ping: sendmsg: Operation not permitted ping: recvmsg: No route to host ping: recvmsg: No route to host ping: recvmsg: No route to host ping: recvmsg: No route to host ping: recvmsg: No route to host [ad infinitum] [reboot] Cheers, David.
