Date: Mon, 28 May 2001 09:28:51 -0400
From: Bill Moran <wmoran@iowna.com>
To: Alex M <alex@myzona.net>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw and nmap
Message-ID: <3B125293.10522873@iowna.com>
References: <001701c0e736$25f5f460$ea31fea9@parkson>

Get more specific with your ruleset, or add a rule that specifically
allows anything going out such as:
00900 allow ip from ${myip} to any
Is that your entire ruleset? If it is, I'm confused as to what could be
blocking your nmap scans. I would think everything would work except the
ports you have listed.
-Bill
Alex M wrote:
>
> Hi all,
>
> I have recently been playing with ipfw and added the following rules:
>
> voyager# ipfw list
> 01000 deny tcp from any to any 111,587,3306
> 01100 deny udp from any to any 111,587,3306
> 01200 allow tcp from any to any established
> 65000 allow ip from any to any
> 65535 deny ip from any to any
>
> After that I discovered several problems with nmap, for example:
>
> voyager# nmap -sT localhost
> Strange error from connect (13):Permission denied
> ...scan will continue.
>
> voyager# nmap -sS localhost
> sendto in send_tcp_raw: sendto(3, packet, 40, 0, 127.0.0.1, 16) =>
> Permission denied
> Sleeping 15 seconds then retrying
> ...scan will stop.
>
> Can these errors be avoided somehow? Any help will be appreciated,
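
An added example, not part of either message: a simplified first-match model of the ruleset from the quoted `ipfw list` output, written in Python, showing which rule decides an outgoing TCP probe. The names `Rule`, `Packet`, `verdict` and `scan` are hypothetical, and the second run assumes ${myip} is 127.0.0.1 for a loopback scan; when ipfw denies a locally generated packet, the sending call fails with EACCES, which is the "Permission denied" in the nmap output.

```python
# First-match model of the ruleset shown by `ipfw list` in the quoted message.
# Simplified: matches only protocol, source address, destination port and the
# "established" flag; real ipfw has many more match options.
from dataclasses import dataclass

@dataclass
class Rule:
    num: int
    action: str               # "allow" or "deny"
    proto: str                # "tcp", "udp" or "ip" (ip matches any protocol)
    src: str = "any"
    dports: tuple = ()        # empty tuple means any destination port
    established: bool = False

@dataclass
class Packet:
    proto: str
    src: str
    dport: int
    established: bool = False  # TCP segment with ACK or RST set

POSTED = [
    Rule(1000, "deny", "tcp", dports=(111, 587, 3306)),
    Rule(1100, "deny", "udp", dports=(111, 587, 3306)),
    Rule(1200, "allow", "tcp", established=True),
    Rule(65000, "allow", "ip"),
    Rule(65535, "deny", "ip"),
]

def matches(rule, pkt):
    return (rule.proto in ("ip", pkt.proto)
            and rule.src in ("any", pkt.src)
            and (not rule.dports or pkt.dport in rule.dports)
            and (not rule.established or pkt.established))

def verdict(rules, pkt):
    """Return (rule number, action) of the first rule that matches pkt."""
    for rule in sorted(rules, key=lambda r: r.num):
        if matches(rule, pkt):
            return rule.num, rule.action
    raise ValueError("no rule matched")  # not reached: rule 65535 matches all

def scan(rules, src, ports):
    """Verdict for an outgoing TCP SYN from src to each port in ports."""
    return {p: verdict(rules, Packet("tcp", src, p)) for p in ports}

if __name__ == "__main__":
    # Constructed probes: loopback scan of one unlisted and one listed port.
    print(scan(POSTED, "127.0.0.1", [22, 111]))
    # Same probes with rule 900 added, taking ${myip} as 127.0.0.1 (assumed).
    with_900 = POSTED + [Rule(900, "allow", "ip", src="127.0.0.1")]
    print(scan(with_900, "127.0.0.1", [22, 111]))
```

Because rules 1000 and 1100 name no direction or interface, they match the scanner's own outgoing probes to the listed ports as well as inbound traffic.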
