Nmap Development mailing list archives

Re: nexthost: failed to determine route to xxx.xxx.xxx.xxx


From: "Mauricio Brunstein" <mbrunstein () gmail com>
Date: Sun, 13 May 2007 16:10:55 -0300

Hi!

I had the same problem with Nmap and found a workaround. I hope that it will
be useful to you.
I saw that after making a change in the routing table, nmap worked normally.
I tested my system a little bit and had no problems using it. I'm
using OpenBSD 3.9 as a gateway/firewall
to connect a network to the Internet (using pppoe), and it comes with Nmap
3.95.

In the remainder of the text I replaced the values of the addresses of the
ppp macro expansions in the following way:

MYADDRESS: a.b.c.d
HISADDRESS: e.f.g.h

Normally when I connect to the Internet the interface tun0 is configured
like this:

mauro@migg:~ {102} ifconfig tun0
tun0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1492
        groups: tun egress
        inet a.b.c.d --> e.f.g.h netmask 0xffffffff

And the routing tables are:

mauro@migg:~ {67} sudo route show
Routing tables

Internet:
Destination        Gateway        Flags    Refs    Use    Mtu      Interface
default            e.f.g.h        UGS      0       165    -        tun0
migg.labo          migg.labo      UH       0       0      33224    lo0
192.168.2/24       link#2         UC       0       0      -        fxp1
e.f.g.h            a.b.c.d        UH       0       0      1492     tun0

The ppp.conf file is:
default:
 set log Phase Chat LCP IPCP CCP tun command LQM
 nat enable yes
 iface clear INET
 disable ipv6cp
 nat same_ports yes
 nat use_sockets yes
 set device "!/usr/sbin/pppoe -v -i fxp0"
 set mtu 1492
 set mru 1492
 enable mssfixup
 set speed sync
 disable acfcomp protocomp
 deny acfcomp
 set authname YYYYYYY
 set openmode passive
 set authkey XXXXXX
 set ifaddr 10.0.0.1/0 10.0.0.2/0
 add! default HISADDR
 enable lqr
 enable echo
 set lqrperiod 5
 set echoperiod 5
 enable dns

The ppp.linkup file is:

MYADDR:
 !bg /sbin/pfctl -f /etc/pf.conf


In this condition I have the same problem with Nmap. But I changed
the file ppp.linkup in the following way:

MYADDR:
 !bg /sbin/pfctl -f /etc/pf.conf
 !bg /sbin/route change default -inet MYADDR -mtu 1492

Adding the second line, after the connection to the Internet, makes the
routing table look like this:

mauro@migg:~ {73} sudo route show
Routing tables

Internet:
Destination        Gateway        Flags    Refs    Use     Mtu      Interface
default            a.b.c.d        UGS      0       2150    1492     tun0
migg.labo          migg.labo      UH       0       0       33224    lo0
192.168.2/24       link#2         UC       0       0       -        fxp1
d.e.f.g            a.b.c.d        UH       0       0       1492     tun0


And in this manner I had no more problems with Nmap. I have not read the
sources to know why it works this way, but my box is working fine.

I hope that this helps other people.

Best regards,

Mauricio

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
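
A quick way to tell which of the two routing-table states shown in the message above a gateway is in, as an added example that is not part of the original post. The function name `classify_default_gw` and the sample addresses (documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether the default route's gateway is the peer
# address (HISADDR, the state before the workaround) or the local address
# (MYADDR, the state after it) of a point-to-point interface.
# On the gateway itself:
#   classify_default_gw "$(ifconfig tun0)" "$(route -n show)"

classify_default_gw() {
    ifconfig_text=$1
    route_text=$2

    # Point-to-point line looks like: inet LOCAL --> PEER netmask 0xffffffff
    local_addr=$(printf '%s\n' "$ifconfig_text" |
        awk '$1 == "inet" && $3 == "-->" { print $2; exit }')
    peer_addr=$(printf '%s\n' "$ifconfig_text" |
        awk '$1 == "inet" && $3 == "-->" { print $4; exit }')

    # First "default" row of the routing table; column 2 is the gateway.
    gw=$(printf '%s\n' "$route_text" |
        awk '$1 == "default" { print $2; exit }')

    if [ -z "$gw" ]; then
        echo none      # no default route at all
    elif [ "$gw" = "$peer_addr" ]; then
        echo peer      # default -> HISADDR
    elif [ "$gw" = "$local_addr" ]; then
        echo local     # default -> MYADDR
    else
        echo other     # default route points somewhere else
    fi
}

# Constructed sample input (not taken from the post).
SAMPLE_IFCONFIG='tun0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1492
        groups: tun egress
        inet 192.0.2.10 --> 198.51.100.1 netmask 0xffffffff'
ROUTES_BEFORE='Destination Gateway Flags Refs Use Mtu Interface
default 198.51.100.1 UGS 0 165 - tun0
198.51.100.1 192.0.2.10 UH 0 0 1492 tun0'
ROUTES_AFTER='Destination Gateway Flags Refs Use Mtu Interface
default 192.0.2.10 UGS 0 2150 1492 tun0
198.51.100.1 192.0.2.10 UH 0 0 1492 tun0'

echo "before: $(classify_default_gw "$SAMPLE_IFCONFIG" "$ROUTES_BEFORE")"
echo "after:  $(classify_default_gw "$SAMPLE_IFCONFIG" "$ROUTES_AFTER")"
```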
