From owner-freebsd-questions  Wed Jun  6  0:42:31 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from voyager.myzona.net (dsl027-179-063.sfo1.dsl.speakeasy.net [216.27.179.63])
	by hub.freebsd.org (Postfix) with ESMTP id 08AD337B401
	for <freebsd-questions@freebsd.org>; Wed,  6 Jun 2001 00:42:26 -0700 (PDT)
	(envelope-from alex@myzona.net)
Received: from parkson (adsl-64-166-86-165.dsl.sntc01.pacbell.net [64.166.86.165])
	by voyager.myzona.net (8.11.4/8.11.1) with SMTP id f567dI404603
	for <freebsd-questions@freebsd.org>; Wed, 6 Jun 2001 00:39:18 -0700 (PDT)
	(envelope-from alex@myzona.net)
Message-ID: <002f01c0ee5b$e521b500$ea31fea9@parkson>
Reply-To: "Alex M" <alex@myzona.net>
From: "Alex M" <alex@myzona.net>
To: <freebsd-questions@freebsd.org>
Subject: ipfw and nmap
Date: Wed, 6 Jun 2001 00:39:55 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2462.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Hello people,

I've just statically enabled ipfirewall in kernel with default to accept
policy, i use a custom ruleset:

voyager# ipfw show
00100    18    1052 allow ip from any to any via lo0
00100    31    1496 deny tcp from any to any 111,587,3306
00101     0       0 deny udp from any to any 111,587,3306
00200     0       0 deny ip from any to 127.0.0.0/8
65535 21790 1148822 allow ip from any to any

Now, when I try to run nmap from this machine with a basic -sT options, i've
got a simple error:

Strange error from connect (13):Permission denied

It is understable due to fully blocked some ports.
But, when i try to perform a SYN scan (-sS), this error occurs:

sendto in send_tcp_raw: sendto(3, packet, 40, 0, 195.209.226.151, 16) =>
Permission denied
Sleeping 15 seconds then retrying
sendto in send_tcp_raw: sendto(3, packet, 40, 0, 195.209.226.151, 16) =>
Permission denied
Sleeping 60 seconds then retrying

and so on... scanning will not be performed...

Anyone can give me any hints on this?  Any help would be appreciated.

Thanks.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message