Nmap scan on my LAN is blocked by my host firewall (Linux)

user96649

I recently added some rules to GUFW to make sure only my (personal) VPN connection is allowed to get out, x.x.x.x being my ip, y.y.y.y being my VPN's IP I connect to.

To - Action - From

y.y.y.y ALLOW OUT x.x.x.x

Anywhere DENY OUT x.x.x.x

So far, everything worked fine: nothing could pass through, except my VPN connection, which would then have everything tunnel through it. Internet, everything works.

I want to scan a host (t.t.t.t) on my home network to identify it. So I try to do a SYN scan using nmap:

sudo nmap t.t.t.t -sS -v

However, it seems that the firewall is blocking the probes, as I'm getting this:

sendto in send_ip_packet_sd: sendto(5, packet, 44, 0, t.t.t.t, 16) => Operation not permitted

So I added this rule:

x.x.0.0/16 ALLOW OUT x.x.x.x

Strangely, I still get the same error, even if I use a /24 netmask. Deactivating the firewall does the trick, but I'm looking for a real solution here.

Any clue on what might be the problem? Thanks.

SOLVED: The order of the rules of iptables is very important. Since gufw is a simplification of it, I had to change the order of the rules. FIRST, you ALLOW the interface to communicate with the subnet, THEN you DENY the interface the communication to the rest of the world. I can ping, scan, etc. the subnet now, and the rest of the internet is blocked if I'm not using the VPN: pings, scans... can't go outside.

user96649

As I said in my edit, the order of the rules is very important.

Even for gufw, you need to take that into account. So, to do what I intended to do:

You first ALLOW the interface to communicate with the subnet (x.x.0.0/16), then you DENY communication with the rest of the world.

I had reversed the order, unsure of what rule would be taken first into account.
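To make the ordering point concrete, here is an added example (not code from the post or from ufw/GUFW) that models the first-match evaluation ufw and iptables use for a chain, with the post's placeholder addresses replaced by constructed sample values (x.x.x.x = 192.168.1.50, y.y.y.y = 203.0.113.10, t.t.t.t = 192.168.1.20). It evaluates the poster's original order and the corrected order against the same LAN and Internet destinations, and includes a small check that flags a rule that can never fire because an earlier rule already covers everything it matches. The ufw command lines are the assumed CLI equivalents of the GUFW table in the post.

```python
import ipaddress

# Constructed sample addresses standing in for the post's placeholders.
HOST_IP = "192.168.1.50"          # x.x.x.x  (my own address)
VPN_IP = "203.0.113.10"           # y.y.y.y  (VPN endpoint I connect to)
LAN_NET = "192.168.0.0/16"        # x.x.0.0/16 (home subnet)
LAN_TARGET = "192.168.1.20"       # t.t.t.t  (host I want to scan)
INTERNET_TARGET = "198.51.100.7"  # some address outside the LAN and not the VPN


def rule(action, src, dst):
    """One outbound rule as (action, source network, destination network).

    A bare address becomes a /32 network; "any" becomes 0.0.0.0/0.
    """
    to_net = lambda a: ipaddress.ip_network("0.0.0.0/0" if a == "any" else a, strict=False)
    return (action, to_net(src), to_net(dst))


def evaluate(rules, src, dst, default="ALLOW"):
    """Walk the chain top to bottom; the first rule matching both ends wins.

    The default mirrors ufw's default outgoing policy, which is ALLOW.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return default


def shadowed_rules(rules):
    """Indexes of rules that can never fire: an earlier rule already covers
    every (source, destination) pair they would match."""
    shadowed = []
    for i, (_, s, d) in enumerate(rules):
        if any(s.subnet_of(es) and d.subnet_of(ed) for _, es, ed in rules[:i]):
            shadowed.append(i)
    return shadowed


def original_order():
    """What the poster had: the LAN allow was appended after the catch-all deny."""
    return [
        rule("ALLOW", HOST_IP, VPN_IP),
        rule("DENY", HOST_IP, "any"),
        rule("ALLOW", HOST_IP, LAN_NET),   # never reached
    ]


def corrected_order():
    """ALLOW the subnet first, THEN DENY everything else."""
    return [
        rule("ALLOW", HOST_IP, VPN_IP),
        rule("ALLOW", HOST_IP, LAN_NET),
        rule("DENY", HOST_IP, "any"),
    ]


def ufw_commands_corrected_order():
    """Assumed ufw CLI equivalent of the corrected GUFW table, in the order
    the rules must appear in the chain."""
    return [
        f"ufw allow out from {HOST_IP} to {VPN_IP}",
        f"ufw allow out from {HOST_IP} to {LAN_NET}",
        f"ufw deny out from {HOST_IP} to any",
    ]


if __name__ == "__main__":
    for name, chain in (("original", original_order()), ("corrected", corrected_order())):
        print(f"{name}: LAN scan target -> {evaluate(chain, HOST_IP, LAN_TARGET)}, "
              f"VPN -> {evaluate(chain, HOST_IP, VPN_IP)}, "
              f"Internet -> {evaluate(chain, HOST_IP, INTERNET_TARGET)}, "
              f"shadowed rule indexes -> {shadowed_rules(chain)}")
    print("\n".join(ufw_commands_corrected_order()))
```

With the original order, the SYN probes to 192.168.1.20 hit the catch-all DENY before the LAN ALLOW is ever consulted, which is exactly the `Operation not permitted` the poster saw from `sendto`; the shadow check reports that third rule as dead. If the DENY is already in place, `ufw insert 2 allow out from 192.168.1.50 to 192.168.0.0/16` places the LAN rule above it instead of appending it to the end.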
