ping: sendmsg: Operation not permitted (sometimes)

Solution 1:

I think the problem is because the connection count in conntrack has been exceeded - then new connections can't be established until old ones expire. Probably you can see in dmesg something like:

[1824447.285257] nf_conntrack: table full, dropping packet.
[1824447.522502] nf_conntrack: table full, dropping packet.

Current max of conntrack you can see in:

undefine@uml:~$ sudo sysctl net.nf_conntrack_max
net.nf_conntrack_max = 65536

and current conntrack count in:

undefine@uml:~$ sysctl net.netfilter.nf_conntrack_count
net.netfilter.nf_conntrack_count = 157

Current connections you can display using conntrack -L (a tool from the conntrack package). It's useful to look there and check what type they are - it's possible that some aren't necessary.

You have three possibilities:

  1. don't use conntrack (simply don't use the nat table and unload the nf_conntrack module)
  2. disable conntrack for outgoing connections (in the raw table use -j NOTRACK for the problematic connections)
  3. increase the connection count by:

    undefine@uml:~$ sudo sysctl net.nf_conntrack_max=512000
    net.nf_conntrack_max = 512000

    or put net.nf_conntrack_max=512000 into /etc/sysctl.conf and then invoke sysctl -w to reload it.
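As an added example (not part of the answer above), the following POSIX shell script turns the checks described there into something repeatable: it computes how full the conntrack table is from the nf_conntrack_count and nf_conntrack_max values, classifies the result against a threshold, and counts "table full, dropping packet" lines in kernel log output. The /proc/sys/net/netfilter paths are the standard nf_conntrack sysctl files; the 80% warning threshold and the sample log lines are assumptions constructed for the example.

```sh
#!/bin/sh
# Added example, not part of the original answer: measure how full the conntrack
# table is and count "table full" drops in kernel log lines. The /proc paths are
# the standard nf_conntrack sysctl files; the 80% threshold is an assumption.

# conntrack_usage_pct COUNT MAX -> integer percentage of the table in use
conntrack_usage_pct() {
    count=$1
    max=$2
    if [ "$max" -le 0 ]; then
        echo 0
        return 1
    fi
    echo $(( count * 100 / max ))
}

# conntrack_level PCT THRESHOLD -> "full", "warn" or "ok"
conntrack_level() {
    pct=$1
    threshold=$2
    if [ "$pct" -ge 100 ]; then
        echo full
    elif [ "$pct" -ge "$threshold" ]; then
        echo warn
    else
        echo ok
    fi
}

# count_table_full_lines: reads kernel log lines on stdin and prints how many
# of them are the "nf_conntrack: table full, dropping packet" message
count_table_full_lines() {
    n=$(grep -c 'nf_conntrack: table full, dropping packet' || true)
    echo "${n:-0}"
}

# conntrack_report [THRESHOLD]: reads the live counters (requires the
# nf_conntrack module to be loaded) and prints one status line;
# returns 2 when conntrack is not present on this host
conntrack_report() {
    threshold=${1:-80}
    max_file=/proc/sys/net/netfilter/nf_conntrack_max
    count_file=/proc/sys/net/netfilter/nf_conntrack_count
    if [ ! -r "$max_file" ] || [ ! -r "$count_file" ]; then
        echo "conntrack: not loaded ($count_file missing)"
        return 2
    fi
    max=$(cat "$max_file")
    count=$(cat "$count_file")
    pct=$(conntrack_usage_pct "$count" "$max")
    echo "conntrack: $count/$max entries ($pct%) -> $(conntrack_level "$pct" "$threshold")"
}

# Constructed sample of kernel log lines (modeled on the answer, not captured
# from a real host); the third line is noise that must not be counted
SAMPLE_DMESG='[1824447.285257] nf_conntrack: table full, dropping packet.
[1824447.522502] nf_conntrack: table full, dropping packet.
[1824448.001002] e1000: eth0 NIC Link is Up 1000 Mbps'

drops=$(printf '%s\n' "$SAMPLE_DMESG" | count_table_full_lines)
echo "sample log: $drops 'table full' drops"
sample_pct=$(conntrack_usage_pct 157 65536)
echo "sample usage: ${sample_pct}% -> $(conntrack_level "$sample_pct" 80)"
# On a real router run: conntrack_report 80  (or: dmesg | count_table_full_lines)
```

The usage percentage is the figure to watch: a table that sits near 100% explains intermittent "Operation not permitted" errors even when the count later drops back, because the drops only happen while the table is full. Running the report from cron or a monitoring agent gives warning before the table fills rather than after packets are already being dropped.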