firewall appliance help

["HA LO" <halo7 () onebox com>]

I am pretty much a newbie to actual pentesting but not a newbie to networking.
I have been lurking on this list a while trying to learn as much as I
can.  So here is what I need a little help with.

I am trying to communicate/scan with a computer behind one of those firewall/router
appliances.  When I've done an Ack scan it shows that all ports are unfiltered,
but all other scans show the ports as being filtered, so I think it is
a packet filter and is not stateful.  It probably is also performing
NAT.  How can I determine what hosts are live on the internal network
and how would I be able to establish any communication with them.

What kind of swithes with nmap would I be able to use to determine live
hosts behind such a router, and then once I can determine what hosts
are up what kind of tools can I use to actually try and test/penetrate
such a host through the firewall.

Sorry to take up your time with such a newbie question but Ive searched
the archives and didnt really come up with a specific solution.  Links
or just a push in the right direction would be really appreciated, I'll
do the research from there.  Thanks.


__________________________________________________
FREE voicemail, email, and fax...all in one place.
Sign Up Now! http://www.onebox.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/