On Mon 06 Jun 2016 at 19:26:04 (+0300), Reco wrote: > On Mon, Jun 06, 2016 at 11:14:11AM -0500, David Wright wrote: > > On Mon 06 Jun 2016 at 18:47:30 (+0300), Reco wrote: > > > On Mon, Jun 06, 2016 at 03:57:47PM +0200, Santiago Vila wrote: > > > > On Mon, Jun 06, 2016 at 10:06:54AM +1200, Jan Bakuwel wrote: > > > > > Check your firewall rules. > > > > > > > > It can't be firewall rules. Try this to block outgoing ping: > > > > > > > > iptables -A OUTPUT -p icmp --icmp-type echo-request -j REJECT > > > > > > > > then try to ping anywhere. You will get a different error message, > > > > namely "Destination Port Unreachable". > > > > > > But if you transform the rule in question a little, like this: > > > > > > iptables -I OUTPUT -p icmp --icmp-type echo-request \ > > > -j REJECT --reject-with icmp-admin-prohibited > > > > > > ping will respond with 'Operation not permitted'. An exact wording of the > > > message seems to depend on actual ping implementation. > > > > > > So, checking firewall rules is a valid advice. It's just this particular > > > problem happens due to lack of file capabilities. > > > > # iptables -I OUTPUT -p icmp --icmp-type echo-request -j REJECT > > --reject-with icmp-admin-prohibited > > > > $ ping alum.local > > PING alum.local (192.168.1.19) 56(84) bytes of data. > > >From 192.168.1.15 icmp_seq=1 Packet filtered > > >From 192.168.1.15 icmp_seq=1 Packet filtered > > >From 192.168.1.15 icmp_seq=1 Packet filtered > > >From 192.168.1.15 icmp_seq=1 Packet filtered > > >From 192.168.1.15 icmp_seq=1 Packet filtered > > >From 192.168.1.15 icmp_seq=1 Packet filtered > > >From 192.168.1.15 icmp_seq=1 Packet filtered > > >From 192.168.1.15 icmp_seq=1 Packet filtered > > >From 192.168.1.15 icmp_seq=1 Packet filtered > > >From 192.168.1.15 icmp_seq=1 Packet filtered > > >From 192.168.1.15 icmp_seq=1 Packet filtered > > ping: sendmsg: Operation not permitted > > ping: recvmsg: No route to host > > ping: recvmsg: No route to host > > ping: recvmsg: No route to host > > ping: recvmsg: No route to host > > ping: recvmsg: No route to host > > [ad infinitum] > > As I wrote earlier - it depends on the implementation of a ping. For me > it looks like this: > > $ dpkg -S $(which ping) > iputils-ping: /bin/ping > $ ping -c2 localhost > PING localhost (127.0.0.1) 56(84) bytes of data. > ping: sendmsg: Operation not permitted > ping: sendmsg: Operation not permitted > <long hang> > ^C > --- localhost ping statistics --- > 2 packets transmitted, 0 received, 100% packet loss, time 1007ms
But the OP's error message was "ping: icmp open socket: Operation not permitted" and not "ping: sendmsg: Operation not permitted" Cheers, David.
