Date:      Thu, 18 Jan 2001 22:49:49 -0500 (EST)
From:      Al <morewood@otterhole.yi.org>
To:        Tony Finch <dot@dotat.at>
Cc:        obrien@freebsd.org, ports@freebsd.org, stable@freebsd.org
Subject:   Re: FreeBSD port: nmap-5-32 under 4.2-STABLE, No route to host -> IPFilter keep state problem
Message-ID:  <200101190349.f0J3nnR01417@otterhole.yi.org>
In-Reply-To: <20010119025750.V30538@hand.dotat.at> from Tony Finch at "Jan 19, 2001 02:57:50 am"


> Al <morewood@otterhole.yi.org> wrote:
> >
> >One difference between a ktrace of root/no root is that the root
> >version has this in the trace:
> >
> > 10128 nmap     CALL  open(0x8066f2c,0,0x1b6)
> > 10128 nmap     NAMI  "/proc/net/route"
> > 10128 nmap     RET   open -1 errno 2 No such file or directory
> >
> >But the non-root version has no /proc/net call.  I do not see any
> >reference to /proc/net/ anywhere.
> 
> /proc/net/route is a linuxism so I guess the linuxulator is causing
> trouble. Is your PATH different for root and non-root? What does
> `which nmap` say for each user?

I'm betting that linux emulation is not the problem.  I do not
have COMPAT_LINUX in the kernel, nor do I have a kld module for
linux loaded.

The paths are not the problem, as after I built the kernel I
built a new version of nmap, and ran it as root and not root
from /usr/ports/security/nmap/work/nmap-2.53/ as ./nmap for
both root and non root.

Somebody else suggested it could be a firewall problem,
and he is correct.  I also have IPFilter installed, and I looked
at a tcpdump of the problem, which shows that an echo request was getting
out of my box, but no echo reply.  Replacing my IPFilter rules with
"any any" allows nmap to work again.  The IPFilter rules used to work just
fine.

My IPFilter rules include:
  pass out quick proto icmp from any to any keep state
All the rules use quick, and no preceding rules deny traffic.
It looks like the keep state function on IPFilter is broken?
I also changed the IPFilter default to deny traffic, maybe that
broke something?  I will test some more.


Thanks for the help,
al

> 
> Tony.
> -- 
> f.a.n.finch    fanf@covalent.net    dot@dotat.at
> "Then they attacked a town. A small town, I'll admit.
> But nevertheless a town of people. People who died."
> 


