Results 1 to 10 of 10
  1. #1

    ping: icmp open socket: Operation not permitted

    ping: icmp open socket: Operation not permitted

    I get that when using a network cgi tool I installed on my web page. I'm guessing APF firewall conflict?

    How can I correct this?

  2. #2
    Join Date
    Apr 2005
    Location
    Cochin
    Posts
    2,452

  3. #3
    That didn't work. Don't hav vsecurity installed and do not wish for it to conflict with everything else (Security)

  4. #4
    Join Date
    Jun 2000
    Location
    Washington, USA
    Posts
    5,990
    Sounds like a firewall policy is blocking the ICMP packet.

  5. #5
    Disable APF firewall on the server if its installed and then try if it works.

    $ service apf stop

    Make sure that there are no rules in Iptables using

    $ iptables -L

    Regards,
    Rose
    rose@instacarma.com
    Regards,
    Rose [rose@instacarma.com]
    InstaCarma.com
    24x7 Technical Support and Server Management

  6. #6
    Join Date
    Jun 2005
    Posts
    703
    No idea what kind of server you have but *good* setups prevent users from using ping.

    You need to set the suid bit to get around your problem, it has nothing to do with the firewall imho.
    ReflexNetworks means Happy Clients!

  7. #7
    Join Date
    Apr 2003
    Location
    UK
    Posts
    2,569
    what andren said - Operation not permitted is an OS thing, not a firewall problem (which would probably just drop the packet and put something in syslog)

    Chances are your machine doesnt allow non-root users to open icmp sockets

  8. #8
    Do you know of a work around? For example, i want to add some tools like the ones found on dnsstuff.com

  9. #9
    Join Date
    Apr 2003
    Location
    UK
    Posts
    2,569
    run:

    ls -l /bin/ping

  10. #10
    Join Date
    Jun 2005
    Posts
    703
    Quote Originally Posted by UnrealSilence
    Do you know of a work around? For example, i want to add some tools like the ones found on dnsstuff.com
    Afaik there is no workaround for the suid bit.
    You can add tools like dnsstuff - but I wouldn't recommend it on a shared server.
    ReflexNetworks means Happy Clients!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •