I get an error from the net-snmp library doing an snmp get that says Operation not permitted error from sendto.
I am wondering what could make the sendto(2) system call fail with this error.
Note, this is an intermittent error so I didn't think it was caused by a firewall issue, unless a firewall could cause this intermittently.
Happened to me today, in my case the problem was due to conntrack table being full.
Additional symptom is lots of "nf_conntrack: table full, dropping packet" in syslog. If this is the case, the solution is to set net.ipv4.netfilter.ip_conntrack_max (aka net.netfilter.nf_conntrack_max) to a higher value, for example:
# sysctl net.ipv4.netfilter.ip_conntrack_max
net.ipv4.netfilter.ip_conntrack_max = 65536
# sysctl net.ipv4.netfilter.ip_conntrack_max=1548576
net.ipv4.netfilter.ip_conntrack_max = 1548576
As said by others, there could be other possible reasons for this, like SELinux or AppArmor policies. YMMV.
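
A quick way to confirm the condition described in this answer before raising the limit, as an added example that is not part of the original answer. The function names, the 90% warning threshold and the sample log lines are assumptions made for illustration; the /proc paths are the nf_conntrack counterparts of the sysctl names above.

```shell
#!/bin/sh
# Added example: does a full conntrack table explain EPERM from sendto(2)?
# File paths are parameters so the checks can also be run against saved copies.

# Constructed sample log lines (not taken from the original post).
SAMPLE_LOG='Jan 10 03:12:01 host kernel: nf_conntrack: table full, dropping packet
Jan 10 03:12:01 host snmpd[812]: Connection from UDP: [192.0.2.10]:40112
Jan 10 03:12:02 host kernel: nf_conntrack: table full, dropping packet'

# Print the percentage of the conntrack table in use (integer, rounded down).
# Returns 2 if the counters cannot be read (e.g. nf_conntrack not loaded).
conntrack_usage_pct() {
    count_file=${1:-/proc/sys/net/netfilter/nf_conntrack_count}
    max_file=${2:-/proc/sys/net/netfilter/nf_conntrack_max}
    [ -r "$count_file" ] && [ -r "$max_file" ] || return 2
    ct_count=$(cat "$count_file")
    ct_max=$(cat "$max_file")
    [ "$ct_max" -gt 0 ] 2>/dev/null || return 2
    echo $(( ct_count * 100 / ct_max ))
}

# Count "table full" drop messages in a log supplied on stdin.
conntrack_drop_count() {
    grep -c 'nf_conntrack: table full, dropping packet' || true
}

# Classify: "full" if drops were logged, "near-full" at or above the
# warning threshold (assumed default 90), otherwise "ok".
conntrack_verdict() {
    v_pct=$1; v_drops=$2; v_warn=${3:-90}
    if [ "$v_drops" -gt 0 ]; then
        echo "full"
    elif [ "$v_pct" -ge "$v_warn" ]; then
        echo "near-full"
    else
        echo "ok"
    fi
}

# Live check: pass "live" as the first argument on the affected host.
if [ "${1:-}" = "live" ]; then
    pct=$(conntrack_usage_pct) || { echo "conntrack counters unreadable" >&2; exit 2; }
    drops=$(dmesg 2>/dev/null | conntrack_drop_count)
    echo "usage=${pct}% drops=${drops} verdict=$(conntrack_verdict "$pct" "$drops")"
fi
```

A verdict of "ok" while the sendto failures continue points toward the other causes mentioned above, such as firewall rules or SELinux/AppArmor policy.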