I am posting this in the hopes that this thread can die on bugtraq and go where it is most likely more appropriate (nmap-dev perhaps). Anyway, since I have gotten so many different people saying so many different things to me, I in response to my previous comments about nmap and linux 2.4 I thought I would post this (hopefully) final message in that thread. Using nmap and linux 2.4 I started noticing some problems. Other people that I talked to confirmed they too were having problems. I mentioned this on bugtraq, and some people there said they too had sendto() errors, while others said they did not. I started looking around and it appears that the iptables code is what is causing the EPERM error. Specifically 'Connection tracking (required for masq/NAT)' located in the kernel configuration under Networking Options=>IP: Netfilter Configuration. I have debugging on (dont know if that is required) and get this message NAT: 3 dropping untracked packet d1c95b20 6 127.0.0.1 -> 127.0.0.1 This is from the connection tracking code that is required for Linux 2.4 to do NAT. I looked briefly at the source code to this module (/usr/src/linux/net/ipv4/netfilter/ip_nat_standalone.c) and it appears that if you just not drop the packet, everything will be fine. I really have no idea what else may result of doing this, and I really didnt look at this part of the code AT ALL. At the time of this writing I have been unable to test NAT functionality (although I guess it will work) One side note to this, you may now see multiple kernel errors as the packet goes through the different filters (in, nat, out, etc). I see 3 different ones for each packet, but that is not a big deal. So there are multiple solutions to the sendto() problem with Linux 2.4 + NAT 1. Dont use Linux 2.4 + NAT (connection tracking) 2. Ignore the sendto() EPERM error, note Test 2 will not be sent 3. Alter the kernel to not drop the packet I do not know what is going to happen if you do this, so use at your own risk. Diff from a linux 2.4.2 kernel # diff ip_nat_standalone.c ip_nat_standalone.c.orig 81c81 < return NF_ACCEPT; --- > return NF_DROP; For other 2.4 kernels you may want to look for the line: printk(KERN_DEBUG "NAT: %u dropping untracked packet %p %u %u.%u.%u.%u -> %u.%u. %u.%u\n", The next statement should be the return.