Nmap Development mailing list archives

nmap won't work with policy route


From: Taburiss S <staburiss () gmail com>
Date: Fri, 1 Mar 2013 09:19:33 +0800

Hi ~
    I'm trying to write a shell script to test every network interface in
one server. I have some policy routing rules like below:

# ip rule
0:      from all lookup local
1:      from <IP of ppp0> look up ppp0_RT   // <-- (ppp0_RT = default via <gateway of ppp0>)
2:      from <IP of ppp1> look up ppp1_RT   // <-- (ppp1_RT = default via <gateway of ppp1>)
32766:  from all lookup main
32767:  from all lookup default

And the main routing table is shown below
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.126.229  *               255.255.255.255 UH    0      0        0 ppp1
172.16.126.240  *               255.255.255.255 UH    0      0        0 ppp0
default         *               0.0.0.0         U     0      0        0 ppp0

Since I want to test every ppp interface, I need to use nmap -e to specify
an output interface like this:
# nmap -e ppp0 -sP 8.8.8.8
This worked well, but
# nmap -e ppp1 -sP 8.8.8.8
ends up with an error:
nexthost: failed to determine route to 8.8.8.8

I find that if ppp1 is not 'default' in the main routing table, even if I have
an ip rule whose priority is higher than the main table, I can't use nmap -e
to force my ping packet to go out through this ppp1 interface. The only way
is to set it to the default dev in the main table, but if I do that the same
problem will happen to ppp0, which cannot be 'default' anymore.

In my opinion nmap should find the IP address of the interface that is given
by -e, and bind a raw socket to this IP, then send an ICMP packet to 8.8.8.8.
At this point my ip rules should work well, and the 'default' in the main table
should do nothing with this packet. Actually, I wrote a small program like
that, and it does work well.

I don't know what is happening in nmap -e and the iproute.

Please kindly guide me to solve this problem.~

Have a nice day, everyone.
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
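
Added example, not part of the original message and not nmap's code: a minimal model of how Linux walks the `ip rule` list shown in the post, illustrating that the `from <IP>` rules are consulted only when the lookup carries that source address. The ppp0/ppp1 addresses are constructed placeholders (the post elides the real ones), and the model makes no claim about how nmap itself performs its route lookup.

```python
from ipaddress import ip_address, ip_network

# Constructed placeholder addresses; the post shows only "<IP of pppN>".
PPP0_IP = "10.0.0.2"
PPP1_IP = "10.0.1.2"

# (priority, source selector, table), mirroring the `ip rule` output in the post.
RULES = [
    (0, "0.0.0.0/0", "local"),
    (1, PPP0_IP + "/32", "ppp0_RT"),
    (2, PPP1_IP + "/32", "ppp1_RT"),
    (32766, "0.0.0.0/0", "main"),
    (32767, "0.0.0.0/0", "default"),
]

# table name -> list of (destination prefix, output device)
TABLES = {
    "local": [],  # local/broadcast routes left out of this model
    "ppp0_RT": [("0.0.0.0/0", "ppp0")],
    "ppp1_RT": [("0.0.0.0/0", "ppp1")],
    "main": [
        ("172.16.126.229/32", "ppp1"),
        ("172.16.126.240/32", "ppp0"),
        ("0.0.0.0/0", "ppp0"),
    ],
    "default": [],
}

def lookup(dst, src=None):
    """Return (table, device) chosen for dst, or None if no route matches.

    src=None models a lookup with no source address chosen yet (0.0.0.0),
    which can only match the "from all" rules.
    """
    dst_ip = ip_address(dst)
    src_ip = ip_address(src or "0.0.0.0")
    for _prio, selector, table in sorted(RULES):
        if src_ip not in ip_network(selector):
            continue  # rule's "from" selector does not match this source
        hits = [(ip_network(p), dev) for p, dev in TABLES[table]
                if dst_ip in ip_network(p)]
        if hits:  # longest-prefix match inside the selected table
            return table, max(hits, key=lambda h: h[0].prefixlen)[1]
    return None  # fell through every rule without finding a route

if __name__ == "__main__":
    for src in (None, PPP0_IP, PPP1_IP):
        print(f"src={src}: {lookup('8.8.8.8', src)}")
```

On a live system the same comparison can be made with `ip route get 8.8.8.8` versus `ip route get 8.8.8.8 from <IP of ppp1>`.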
