Results 1 to 10 of 10
  1. #1

    ping: icmp open socket: Operation not permitted

    ping: icmp open socket: Operation not permitted

    I get that when using a network cgi tool I installed on my web page. I'm guessing APF firewall conflict?

    How can I correct this?

  2. #2
    Join Date
    Apr 2005
    Location
    Queen of Arabian Sea
    Posts
    2,433

  3. #3
    That didn't work. Don't hav vsecurity installed and do not wish for it to conflict with everything else (Security)

  4. #4
    Join Date
    Jun 2000
    Location
    Washington, USA
    Posts
    5,991
    Sounds like a firewall policy is blocking the ICMP packet.

  5. #5
    Disable APF firewall on the server if its installed and then try if it works.

    $ service apf stop

    Make sure that there are no rules in Iptables using

    $ iptables -L

    Regards,
    Rose
    rose@instacarma.com
    Regards,
    Rose [rose@instacarma.com]
    InstaCarma.com
    24x7 Technical Support and Server Management

  6. #6
    Join Date
    Jun 2005
    Posts
    697
    No idea what kind of server you have but *good* setups prevent users from using ping.

    You need to set the suid bit to get around your problem, it has nothing to do with the firewall imho.
    ReflexNetworks means Happy Clients!

  7. #7
    Join Date
    Apr 2003
    Location
    UK
    Posts
    2,560
    what andren said - Operation not permitted is an OS thing, not a firewall problem (which would probably just drop the packet and put something in syslog)

    Chances are your machine doesnt allow non-root users to open icmp sockets

  8. #8
    Do you know of a work around? For example, i want to add some tools like the ones found on dnsstuff.com

  9. #9
    Join Date
    Apr 2003
    Location
    UK
    Posts
    2,560
    run:

    ls -l /bin/ping

  10. #10
    Join Date
    Jun 2005
    Posts
    697
    Quote Originally Posted by UnrealSilence
    Do you know of a work around? For example, i want to add some tools like the ones found on dnsstuff.com
    Afaik there is no workaround for the suid bit.
    You can add tools like dnsstuff - but I wouldn't recommend it on a shared server.
    ReflexNetworks means Happy Clients!

  11. Newsletters

    Subscribe Now & Get The WHT Quick Start Guide!

Related Posts from theWHIR.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •