Date: Thu, 07 Oct 2004 14:16:03 -0500 From: Norm Vilmer <norm@etherealconsulting.com> To: freebsd-questions@freebsd.org Subject: nmap'ing myself Message-ID: <416595F3.1030601@etherealconsulting.com>
If there is a better forum for discussing IPFW, please direct me there.

I have a firewall machine running FreeBSD 4.10 connected between my DSL modem and my office switch. It does NAT and has a basic set of IPFW rules. It is somewhat locked down (kern_securelevel = 1, other recommendations typical for this configuration).

My question is: from a "well" configured firewall, "should" I be able to nmap the public interface using a console session on the firewall itself? Will allowing this compromise the security of the machine? Basically, should I even attempt to make this work? What's a good way to test your own firewall without driving down the road (and hacking into an unsecured Linksys wireless router.... just kidding)?

Additional info: I am still reading "Network Security Hacks" by Andrew Lockhart; not sure if this is covered.....

nmap -v -O -sS my.firewall.com
....
sendto in send_ip_raw: sendto(4, packet, 28, 0, n.n.n.n, 16) => Permission denied.

I can nmap other machines inside and outside my firewall. Machines inside my firewall can nmap machines inside (duh) and outside the firewall. Although doing an nmap from a machine inside my firewall to a machine outside causes the net.inet.ip.fw.dyn_count to grow rather large, so I avoid doing this. Same thing if I try to nmap my firewall from a machine inside the firewall. Tried opening up the firewall; still does not work (slightly different error though).
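The post asks how to test an IPFW firewall from the inside. Two things worth knowing when you try: on FreeBSD, an outbound packet that ipfw denies is reported back to the sending socket as EACCES ("Permission denied"), so the sendto() failure above is the first thing to check in the rule set; and nmap's connect scan (-sT) uses ordinary connect() calls rather than raw sockets, so it goes through the same socket path as any other local program. Whichever scan type you use, the useful evidence is which rules' counters moved. The script below is an added example and is not part of the original post or of FreeBSD; it diffs two snapshots of `ipfw -a list` and prints every rule whose packet counter increased. It assumes the 4.x listing layout (rule number, packet count, byte count, then the rule body); the interface name dc0 and the two snapshots are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the original post.
# Report which ipfw rules were hit between two `ipfw -a list` snapshots.
# Assumed listing layout (FreeBSD 4.x): RULE PACKETS BYTES rule-body...

# ipfw_hits BEFORE_FILE AFTER_FILE
# Prints "<rule> <packets-added> <rule body>" for each rule whose packet
# counter rose between the snapshots. Rules absent from BEFORE count from 0.
ipfw_hits() {
    awk '
        FNR == NR { before[$1] = $2; next }   # first file: remember counters
        {
            delta = $2 - (($1 in before) ? before[$1] : 0)
            if (delta > 0) {
                body = ""
                for (i = 4; i <= NF; i++)
                    body = body (i > 4 ? " " : "") $i
                print $1, delta, body
            }
        }' "$1" "$2"
}

# Constructed sample snapshots standing in for:
#   ipfw -a list > /tmp/before
#   nmap -sT -p 1-1024 <public-interface-address>   # from the console
#   ipfw -a list > /tmp/after
#   ipfw_hits /tmp/before /tmp/after
ipfw_hits_sample() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/before" <<'EOF'
00100       0        0 allow ip from any to any via lo0
00200       0        0 deny ip from any to 127.0.0.0/8
00300      12     1184 deny ip from any to any in via dc0 setup
00400     300    25000 check-state
65535      50     3100 deny ip from any to any
EOF
    cat > "$dir/after" <<'EOF'
00100       0        0 allow ip from any to any via lo0
00200       0        0 deny ip from any to 127.0.0.0/8
00300    1012    68000 deny ip from any to any in via dc0 setup
00400     300    25000 check-state
65535      52     3200 deny ip from any to any
EOF
    ipfw_hits "$dir/before" "$dir/after"
    rm -rf "$dir"
}

ipfw_hits_sample
```

Run against real snapshots, a scan that lands entirely on a deny rule (as in the sample, where 1000 SYNs hit rule 300) tells you the rule set is doing its job without anyone having to drive down the road; a scan whose hits appear only on the default rule 65535 tells you a port is reachable but no explicit rule covers it.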