On Sat, 2003-08-16 at 03:50, Salvatore wrote:
> Hi,
>
> I have Debian Woody with kernel 2.4.21, Iptables 1,28 and nmap 3.27 (all
> Debian packages).
>
> When I launch Nmap it always gives me the initial error:
>
> # nmap www.shorewall.net
>
> Starting nmap 3.27 ( www.insecure.org/nmap/ ) at 2003-08-16 12:50 CEST
>
> sendto in send_tcp_raw: sendto(3, packet, 40, 0, 216.211.130.20, 16) =>
> Operation not permitted
>
> I read internet forums and the people say that it can be a conflict with
> the firewall and iptables.
>
A better source for Shorewall information is the Shorewall
documentation/website.
>
> Is it possible to solve this problem?

Yes.
First of all, since you are running nmap on the firewall and are trying
to scan my web server (which is in the 'net' zone), you will be
initiating fw->net traffic. The default policies installed with
Shorewall reject this traffic.

This can be overridden by following these instructions in the
two-interface sample /etc/shorewall/policy file:
# If you want open access to the Internet from your Firewall
# remove the comment from the following line.
#fw net ACCEPT
Once again, this is pointed out in the two-interface QuickStart Guide
(http://shorewall.net/two-interface.htm).

The other aspect of Shorewall/nmap interaction that often trips people
up may be found in Shorewall FAQ #26
(http://shorewall.net/FAQ.htm#faq26).
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
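The reply above comes down to which /etc/shorewall/policy entry governs fw->net traffic. The script below is an added example, not code from the thread or from Shorewall itself: it evaluates a policy file the way Shorewall does (entries tried in file order, first match wins, "all" matching any zone) and reports the effective policy for a zone pair. The two sample files are constructed for the example, modelled on the two-interface sample policy the reply quotes; the function names `effective_policy` and `policy_for` are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread or from Shorewall itself: a small
# evaluator for the /etc/shorewall/policy format. Shorewall tries policy
# entries in file order and the first match wins; "all" in the SOURCE or
# DEST column matches any zone. Given a policy file on stdin, print the
# POLICY column of the entry that governs SRC -> DST traffic (or NONE).
effective_policy() {
    awk -v src="$1" -v dst="$2" '
        /^[ \t]*#/ { next }                  # comment lines
        NF < 3      { next }                 # blank or incomplete lines
        { if ($1 == "$FW") $1 = "fw" }       # later Shorewall releases write $FW for the firewall zone
        ($1 == src || $1 == "all") && ($2 == dst || $2 == "all") {
            print $3; found = 1; exit
        }
        END { if (!found) print "NONE" }
    '
}

# Constructed sample, modelled on the two-interface sample policy the reply
# quotes, with the fw->net line still commented out (the stock state).
POLICY_STOCK='#SOURCE DEST    POLICY  LOG LEVEL
loc     net     ACCEPT
#fw     net     ACCEPT
net     all     DROP    info
all     all     REJECT  info'

# The same file with the comment removed, as the reply instructs.
POLICY_FIXED='#SOURCE DEST    POLICY  LOG LEVEL
loc     net     ACCEPT
fw      net     ACCEPT
net     all     DROP    info
all     all     REJECT  info'

# Convenience wrapper: effective policy for a file's text and a zone pair.
policy_for() {
    printf '%s\n' "$1" | effective_policy "$2" "$3"
}

echo "stock file, fw->net: $(policy_for "$POLICY_STOCK" fw net)"   # REJECT
echo "fixed file, fw->net: $(policy_for "$POLICY_FIXED" fw net)"   # ACCEPT
echo "fixed file, net->fw: $(policy_for "$POLICY_FIXED" net fw)"   # DROP
```

With the stock file, fw->net falls through to the catch-all `all all REJECT` entry, which is what nmap on the firewall sees as sendto() failing with "Operation not permitted"; uncommenting `fw net ACCEPT` makes that entry match first. Run it against the real file with `effective_policy fw net < /etc/shorewall/policy` to confirm which entry applies before changing anything.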