SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  ping: sendto: Operation not permitted

    Posted 10-23-2014 06:36

    Goor morning,

     

    i try to configure a routing-instance with a firewall filter, but whem i try to ping a destination 200.130.6.181/32, i receive the follow menssage:

     

    # run ping 200.130.6.181     
    PING 200.130.6.181 (200.130.6.181): 56 data bytes
    ping: sendto: Operation not permitted
    ping: sendto: Operation not permitted
    ping: sendto: Operation not permitted
    ^C
    --- 200.130.6.181 ping statistics ---
    3 packets transmitted, 0 packets received, 100% packet loss

     

    My config is:

     

    # show interfaces ge-0/0/4  
    description WAN;
    unit 0 {
        family inet {
            filter {
                input filter-in;
                output internet-isp2;
            }

     

    # show firewall filter internet-isp2
    term to-isp2 {
        from {
            destination-address {
                200.130.6.181/32;
            }
        }
        then {
            count internet-isp2;
            routing-instance ISP2;
        }
    }
    term accept-others {
        then accept;
    }

     

    # show routing-instances ISP2
    instance-type virtual-router;
    interface ge-0/0/5.620;
    routing-options {
        static {
            route 0.0.0.0/0 {
                next-hop x.x.x.x;
                qualified-next-hop y.y.y.y {
                    preference 10;
                }
            }
        }
    }


    #firewall
    #filter
    #routing-instances


  • 2.  RE: ping: sendto: Operation not permitted

     
    Posted 10-23-2014 06:43

    Can you try the ping specifying interface?

    # run ping 200.130.6.181   interface ge-0/0/4

     

    Thanks,

    Suraj

     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too



  • 3.  RE: ping: sendto: Operation not permitted

    Posted 10-23-2014 07:11

    Same message of error

     

     

    > ping 200.130.6.181 interface ge-0/0/4
    PING 200.130.6.181 (200.130.6.181): 56 data bytes
    ping: sendto: Operation not permitted
    ping: sendto: Operation not permitted
    ping: sendto: Operation not permitted
    ping: sendto: Operation not permitted
    ^C
    --- 200.130.6.181 ping statistics ---
    4 packets transmitted, 0 packets received, 100% packet loss

     

    Thank's for the help



  • 4.  RE: ping: sendto: Operation not permitted

    Posted 10-23-2014 07:13

    I try to ping with

     

    1> ping 200.130.6.181 routing-instance VIACOM
    PING 200.130.6.181 (200.130.6.181): 56 data bytes
    ping: sendto: Operation not permitted
    ping: sendto: Operation not permitted
    ping: sendto: Operation not permitted
    ^C
    --- 200.130.6.181 ping statistics ---
    3 packets transmitted, 0 packets received, 100% packet loss

     

    but don't work



  • 5.  RE: ping: sendto: Operation not permitted

     
    Posted 10-26-2014 22:30

    Can you please provide me below output

     


    root> show route 200.130.6.181 | no-more

     

    Thanks,

    Suraj



  • 6.  RE: ping: sendto: Operation not permitted

    Posted 10-27-2014 13:00

    root@FW-CD# run show route 200.130.6.181 | no-more

    inet.0: 17 destinations, 19 routes (17 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    0.0.0.0/0          *[Static/1] 2d 23:07:06, metric2 0
                        > to xxx.xxx.xxx.xxx via ge-0/0/1.0
                        [Static/5] 2d 23:08:41
                        > to xxx.xxx.xxx.xxx via ge-0/0/1.0

     

    Thanks



  • 7.  RE: ping: sendto: Operation not permitted

    Posted 11-22-2014 05:57

    Hello,

    Firewall filter applied on the out going interface in the output direction is creating problem here, i mean blocking ICMP.

    Please accept ICMP in the filter to get rid of this error.

     

     

    -CK

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too