On Mon, Jun 06, 2016 at 11:14:11AM -0500, David Wright wrote: > On Mon 06 Jun 2016 at 18:47:30 (+0300), Reco wrote: > > On Mon, Jun 06, 2016 at 03:57:47PM +0200, Santiago Vila wrote: > > > On Mon, Jun 06, 2016 at 10:06:54AM +1200, Jan Bakuwel wrote: > > > > Check your firewall rules. > > > > > > It can't be firewall rules. Try this to block outgoing ping: > > > > > > iptables -A OUTPUT -p icmp --icmp-type echo-request -j REJECT > > > > > > then try to ping anywhere. You will get a different error message, > > > namely "Destination Port Unreachable". > > > > But if you transform the rule in question a little, like this: > > > > iptables -I OUTPUT -p icmp --icmp-type echo-request \ > > -j REJECT --reject-with icmp-admin-prohibited > > > > ping will respond with 'Operation not permitted'. An exact wording of the > > message seems to depend on actual ping implementation. > > > > So, checking firewall rules is a valid advice. It's just this particular > > problem happens due to lack of file capabilities. > > # iptables -I OUTPUT -p icmp --icmp-type echo-request -j REJECT --reject-with > icmp-admin-prohibited > > $ ping alum.local > PING alum.local (192.168.1.19) 56(84) bytes of data. > >From 192.168.1.15 icmp_seq=1 Packet filtered > >From 192.168.1.15 icmp_seq=1 Packet filtered > >From 192.168.1.15 icmp_seq=1 Packet filtered > >From 192.168.1.15 icmp_seq=1 Packet filtered > >From 192.168.1.15 icmp_seq=1 Packet filtered > >From 192.168.1.15 icmp_seq=1 Packet filtered > >From 192.168.1.15 icmp_seq=1 Packet filtered > >From 192.168.1.15 icmp_seq=1 Packet filtered > >From 192.168.1.15 icmp_seq=1 Packet filtered > >From 192.168.1.15 icmp_seq=1 Packet filtered > >From 192.168.1.15 icmp_seq=1 Packet filtered > ping: sendmsg: Operation not permitted > ping: recvmsg: No route to host > ping: recvmsg: No route to host > ping: recvmsg: No route to host > ping: recvmsg: No route to host > ping: recvmsg: No route to host > [ad infinitum]
As I wrote earlier - it depends on the implementation of a ping. For me it looks like this: $ dpkg -S $(which ping) iputils-ping: /bin/ping $ ping -c2 localhost PING localhost (127.0.0.1) 56(84) bytes of data. ping: sendmsg: Operation not permitted ping: sendmsg: Operation not permitted <long hang> ^C --- localhost ping statistics --- 2 packets transmitted, 0 received, 100% packet loss, time 1007ms Reco
