A Debian box is running web services on ports 80 and 443, and iptables is configured to allow web traffic only from whitelisted IP addresses.
A second Debian box (that is not whitelisted) is using nmap to run a port scan against the web server and is correctly showing that all ports are closed; however, the nmap scan results sometimes include the following:
sendto in send_ip_packet_sd: sendto(4, packet, 44, 0, X.X.X.X, 16) => Operation not permitted
Offending packet: TCP X.X.X.X:53268 > X.X.X.X:443 S ttl=43 id=46849 iplen=44 seq=955188003 win=1024 <mss 1460>
Port 80 is never mentioned in the scan results -- only port 443.
Why is port 443 (but not port 80) being exposed to nmap?
This looks to actually be an issue that's occurring on your second Debian box when it attempts to send the packets in question, rather than it being anything to do with the box you're scanning.
Try disabling iptables/netfilter on the second box and see if that helps.
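To see which destinations are affected before changing any firewall rules, the following added example (not part of the original answer) parses saved nmap error output and counts the packets whose `sendto()` failed with "Operation not permitted". It assumes, as the answer suggests, that this error comes from the scanning host's own netfilter rules; the sample text and the function name `locally_rejected` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of nmap error output, modelled on the two lines quoted in
# the question (addresses replaced with documentation ranges).
SAMPLE = """\
sendto in send_ip_packet_sd: sendto(4, packet, 44, 0, 203.0.113.10, 16) => Operation not permitted
Offending packet: TCP 198.51.100.7:53268 > 203.0.113.10:443 S ttl=43 id=46849 iplen=44 seq=955188003 win=1024 <mss 1460>
sendto in send_ip_packet_sd: sendto(4, packet, 44, 0, 203.0.113.10, 16) => Operation not permitted
Offending packet: TCP 198.51.100.7:53269 > 203.0.113.10:443 S ttl=51 id=1201 iplen=44 seq=955122467 win=1024 <mss 1460>
sendto in send_ip_packet_sd: sendto(4, packet, 44, 0, 203.0.113.10, 16) => No buffer space available
Offending packet: TCP 198.51.100.7:53270 > 203.0.113.10:80 S ttl=40 id=7 iplen=44 seq=955122468 win=1024 <mss 1460>
"""

SENDTO_RE = re.compile(r"sendto in \w+: sendto\(.*\) => (?P<err>.+)$")
PACKET_RE = re.compile(
    r"Offending packet: (?P<proto>\w+) [\w.]+:\d+ > (?P<dst>[\w.]+):(?P<dport>\d+)"
)

def locally_rejected(text):
    """Count (proto, dst, dport) for packets whose sendto() returned EPERM.

    Assumption: EPERM on sendto() means the local kernel refused the packet
    (typically an OUTPUT-chain rule), so it never reached the network.
    """
    hits = Counter()
    last_err = None
    for line in text.splitlines():
        m = SENDTO_RE.search(line)
        if m:
            last_err = m.group("err").strip()  # error for the next packet line
            continue
        m = PACKET_RE.search(line)
        if m:
            if last_err == "Operation not permitted":
                hits[(m["proto"], m["dst"], int(m["dport"]))] += 1
            last_err = None  # each error line pairs with one packet line
    return hits

if __name__ == "__main__":
    for (proto, dst, dport), n in locally_rejected(SAMPLE).most_common():
        print(f"{n} x {proto} to {dst}:{dport} refused locally")
    # Then compare against the scanning host's own rules and counters:
    print("inspect with: iptables -S OUTPUT ; iptables -L OUTPUT -n -v")
```

If the counts point at a single port, the rule counters shown by `iptables -L OUTPUT -n -v` on the scanning host indicate which local rule is matching.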