2 Replies Latest reply: Nov 14, 2012 3:27 PM by alan.pae RSS

    Nmap on non-global Solaris 10 zone as root

    970898
      Hi,

      I'm using nmap 6.01.

      Nmap works fine on the global zone in Solaris 10.
      It works fine on a non-global zone if NOT run as root, but I need to run as root since I need to do UDP scans.
      As non-root on a non-global zone I get the following error:

      bash-3.2# /usr/local/bin/nmap -sP 127.0.0.1

      Starting Nmap 6.01 ( http://nmap.org ) at 2012-10-23 15:14 SAST
      route_dst_generic: Failed to obtain system routes: getsysroutes_dnet: route_open() failed

      The zone is a shared-IP zone. As far as I know on Solaris 10 you cannot create an exclusive IP zone (which I suspect may solve the problem) unless you have another separate NIC to attach to it. The machine is x86, running on VMware. Also, from what I've read you can't create a virtual NIC for the child zone in Solaris 10 - this can only be done in Solaris 11. I don't have that option as I have to get this to work on machines already in production.

      I've tried giving the child zone the net_rawaccess privilege with the same results. Also the root of the problem looks like ldnet - I tried building and running ldnet 1.12 separately just to check and here is the result on the non-global zone:

      bash-3.2# /usr/local/sbin/dnet intf show
      intf_loop: No such device or address

      On the global zone it works fine:

      bash-3.2# /usr/local/sbin/dnet intf show
      lo0: flags=0x23<UP,LOOPBACK,MULTICAST> mtu 8232
      inet 127.0.0.1/8
      e1000g0: flags=0x31<UP,BROADCAST,MULTICAST> mtu 1500
      inet 10.118.5.212/24
      link 00:50:56:9e:3f:d1

      Is it actually possible to do this? i.e. run nmap as root user on a non-global zone in Solaris 10?

      Thanks is advance.