When encountering the "ping: sendmsg: Operation not permitted" error on Ubuntu 14.04 while VMs can still access the network, we're typically dealing with either:
- Incorrect firewall rules (iptables/ip6tables)
- Network namespace permissions
- CAP_NET_RAW capability restrictions
Before attempting fixes, gather system information:
# Check current iptables rules
sudo iptables -L -n -v
sudo ip6tables -L -n -v
# Verify network interfaces
ip addr show
ip route show
# Check capabilities for ping
which ping
getcap $(which ping)
Solution 1: Reset Firewall Rules Completely
# For IPv4
sudo iptables -P INPUT ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -F
# For IPv6
sudo ip6tables -P INPUT ACCEPT
sudo ip6tables -P OUTPUT ACCEPT
sudo ip6tables -P FORWARD ACCEPT
sudo ip6tables -FSolution 2: Check and Restart Network Services
sudo service networking restart
sudo service network-manager restart
sudo ifdown eth0 && sudo ifup eth0 # Replace eth0 with your interfaceIf basic solutions don't work, consider these deeper checks:
# Check for AppArmor restrictions
sudo aa-status | grep ping
# Verify ICMP protocol isn't blocked
sudo sysctl net.ipv4.icmp_echo_ignore_all
sudo sysctl -w net.ipv4.icmp_echo_ignore_all=0For persistent settings across reboots:
# Save iptables rules
sudo apt-get install iptables-persistent
sudo netfilter-persistent save
# Edit sysctl.conf for ICMP
echo "net.ipv4.icmp_echo_ignore_all = 0" | sudo tee -a /etc/sysctl.conf
sudo sysctl -pRemember that Ubuntu 14.04 is quite old (released in 2014) and reaching end-of-life. Consider upgrading to a supported LTS version for better security and compatibility.
When encountering the "ping: sendmsg: Operation not permitted" error on Ubuntu 14.04, we're facing a fundamental network communication issue where ICMP packets can't be transmitted. Your case is particularly interesting because VMs can access the internet while the host system cannot.
First, let's verify basic network connectivity:
# Check interface status
ifconfig -a
# Verify routing table
route -n
# Test raw socket permissions (ping uses raw sockets)
ls -l /bin/ping
While you've already checked iptables, Ubuntu 14.04 uses ufw as its frontend. Let's thoroughly examine all possible firewall layers:
# Check ufw status
sudo ufw status verbose
# List all iptables rules including NAT
sudo iptables -L -n -v
sudo iptables -t nat -L -n -v
# IPv6 specific rules
sudo ip6tables -L -n -v
The ping command requires special permissions. Modern systems use capabilities instead of setuid. Let's verify:
# Check ping capabilities
getcap /bin/ping
# Expected output should include:
# /bin/ping = cap_net_raw+ep
# If missing, restore capabilities:
sudo setcap cap_net_raw+ep /bin/ping
Ubuntu's mandatory access control system might be blocking network access:
# Check AppArmor status
sudo apparmor_status
# Temporarily disable AppArmor for testing
sudo service apparmor stop
# Check if ping works now
ping -c 3 8.8.8.8
In some cases, network namespaces might cause this behavior. Check with:
# List all network namespaces
ip netns list
# Check network device ownership
ls -l /sys/class/net/
Certain kernel parameters can affect raw socket operations:
# Check relevant sysctl settings
sysctl net.ipv4.ping_group_range
sysctl net.ipv4.ip_forward
# Temporary modification for testing
sudo sysctl -w net.ipv4.ping_group_range="0 2147483647"
When ping fails, try these alternatives to isolate the issue:
# TCP connectivity test
nc -zv 8.8.8.8 53
# DNS resolution test
dig @8.8.8.8 google.com
# Raw socket test using Python
python -c "import socket; s=socket.socket(socket.AF_INET,socket.SOCK_RAW,socket.IPPROTO_ICMP); s.sendto(b'\x08\x00\xf7\xff\x00\x00\x00\x00',('8.8.8.8',0))"