nmap on FreeBSD 7.0-RELEASE

Dave Edwards dave.edwards at adelaide.on.net
Thu Nov 27 04:13:20 PST 2008 

Hi,

I'm having some problems with nmap over the tun device.  I connect to
the net using ppp and pppoe (adsl) which creates the "tun0" device.  My
default route goes out that way.

Using nmap to try to map an external host:
-------------------------
# nmap -vvv -e tun0 -sS -p80,443 1.2.3.4

Starting Nmap 4.76 ( http://nmap.org ) at 2008-11-27 22:05 CST
WARNING: Unable to find appropriate interface for system route to 1.2.3.4
nexthost: failed to determine route to 1.2.3.4
QUITTING!
--------------------------

This only seems to occur when running nmap as root.  As a normal user
(using the "connect" scan option) it seems to work ok, but you can only
run a SYN scan (or force a specific source port) as root.  I think this
means that the problem may be related to using a raw socket..

I have the same problem with nmapping over a VPN tunnel as well (another
tun device) so I don't think it's the configuration of the ppp session.

As root, nmap finds the following interface list (note the missing
default route)
--------------------------
$ nmap --iflist
Starting Nmap 4.76 ( http://nmap.org ) at 2008-11-27 22:00 CST
************************INTERFACES************************
DEV  (SHORT) IP/MASK           TYPE        UP MAC
rl0  (rl0)   x.x.x.x    ethernet    up 00:00:E8:7A:EE:1C
re0  (re0)   x.x.x.x       ethernet    up 00:E0:4C:50:19:8F
lo0  (lo0)   127.0.0.1/8       loopback    up
tun0 (tun0)  x.x.x.x/32 point2point up

WARNING: Unable to find appropriate interface for system route to
203.16.215.186
**************************ROUTES**************************
DST/MASK          DEV  GATEWAY
127.0.0.1/32      lo0  127.0.0.1
203.16.215.186/32 tun0 x.x.x.x
--------------------------

I've tried creating a host route for the nmap target instead of relying
on the default route and I've tried three other versions of nmap.  As an
aside (or maybe a hint) when compiling nmap from source, there are a
number of warnings like:
------------------------
checking net/route.h presence... yes
configure: WARNING: net/route.h: present but cannot be compiled
configure: WARNING: net/route.h:     check for missing prerequisite headers?
configure: WARNING: net/route.h: see the Autoconf documentation
configure: WARNING: net/route.h:     section "Present But Cannot Be
Compiled"
configure: WARNING: net/route.h: proceeding with the preprocessor's result
configure: WARNING: net/route.h: in the future, the compiler will take
precedence
checking for net/route.h... yes
-------------------------

Google has let me down this time.  There are a few comments about nmap
and FreeBSD but nothing that seems helpful and they are mostly fairly old.

Anyone got a clue for me?

davo

More information about the freebsd-net mailing list