Hi all,

Running 7.0-RELEASE-p2, I set up a jail from which to perform NMAP and
Nessus scans.  I set the sysctl security.jail.allow_raw_sockets=1,
which I expected to prevent any problems.  Unfortunately, I'm getting
this whenever I try to NMAP:

$ sudo nmap -P0 localhost
Starting Nmap 4.76 ( http://nmap.org ) at 2008-10-14 16:56 CDT
WARNING: Unable to find appropriate interface for system route to
WARNING: Unable to find appropriate interface for system route to
nexthost: failed to determine route to

Nessus scans fail shortly after being started if port scanning is
enabled.  If port scanning is disabled, the vulnerability scan
succeeds.  Identical configurations outside of a jail work just fine,
which led me to believe that the Nessus and NMAP issues are related
to the processes being jailed.

$ sysctl -a | grep jail
security.jail.jailed: 1
security.jail.mount_allowed: 0
security.jail.chflags_allowed: 1
security.jail.allow_raw_sockets: 1
security.jail.enforce_statfs: 2
security.jail.sysvipc_allowed: 0
security.jail.socket_unixiproute_only: 1
security.jail.set_hostname_allowed: 1

Anyone have any hope for me?

freebsd-questions@freebsd.org mailing list