Hi, just to find out how can I run nmap from shorewall to a remote host?
I've been getting "operation not permitted" during my scan and I've
allowed all traffic from "fw" to "net".

Thanks.
Jason

--On Friday, November 29, 2002 12:56:31 PM +0800 Jason Yap <jason@ipstar.com.my> wrote:

> Hi, just to find out how can I run nmap from shorewall to a remote host?
> I've been getting "operation not permitted" during my scan and I've
> allowed all traffic from "fw" to "net".

You've done it wrong then -- if you were truly admitting all fw->net traffic then you wouldn't be getting the "operation not permitted" messages.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://shorewall.sf.net
ICQ: #60745924 \ teastep@shorewall.net

Hi Jason;

I have had the same problem. nmap generates newnotsyn messages in shorewall.
There are two ways to get round this problem:

1) add the parameter -P0 to the end of your nmap command to stop nmap pinging
   the remote site.
2) Set NEWNOTSYN=Yes in /etc/shorewall/shorewall.conf.

Regards
Steven.

On Friday 29 November 2002 04:56, Jason Yap wrote:
> Hi, just to find out how can I run nmap from shorewall to a remote host?
> I've been getting "operation not permitted" during my scan and I've
> allowed all traffic from "fw" to "net".
>
> Thanks.
> Jason

Thanks, Steven. And my apologies to Jason for suggesting that his fw->net setup was wrong.

-Tom

--On Monday, December 02, 2002 11:04:54 PM +0000 Steven Jan Springl <shorewall@springl.fsnet.co.uk> wrote:

> Hi Jason;
> I have had the same problem. nmap generates newnotsyn messages in
> shorewall. There are two ways to get round this problem:
> 1) add the parameter -P0 to the end of your nmap command to stop nmap
> pinging the remote site.
> 2) Set NEWNOTSYN=Yes in /etc/shorewall/shorewall.conf.
>
> Regards Steven.
>
> On Friday 29 November 2002 04:56, Jason Yap wrote:
>> Hi, just to find out how can I run nmap from shorewall to a remote host?
>> I've been getting "operation not permitted" during my scan and I've
>> allowed all traffic from "fw" to "net".
>>
>> Thanks.
>> Jason

--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://shorewall.sf.net
ICQ: #60745924 \ teastep@shorewall.net