Nmap Development mailing list archives

Re: Scan via alternate gateway


From: Robin Wood <robin@digi.ninja>
Date: Mon, 22 Dec 2014 22:59:09 +0000

A quick thought: can you force nmap to use a fixed source port, then
set up iptables to route anything from that source port through the
alternative gateway?

Robin

On 22 December 2014 at 20:48, Chris Frederick <cdf123 () cdf123 net> wrote:
Hi all,

I have a server that we are moving from one DMZ into another.  We are
starting the migration and now have the server dual homed with an Ethernet
connection to both subnets, but the default gateway is still set to the old
DMZ.  I was wondering if there's a way to nmap scan servers that this server
connects to from the other gateway to see if there are any firewall issues
from the new IP address, so we can see which servers we will need to address
before the final switchover.

It looks like it could be doable, but it seems I would be short one option.
A combination of --send-eth and -S gets the packet set up right, and -e
points it in the right direction, but it still needs a gateway to forward it
off.  The gateway is accessible, but if I switch the host over to the new
one it could cause issues with people using the server.  I've set up multiple
routing tables and policy routing before, but I'd rather not go through all
that hassle.  Would it be difficult to add some kind of a "--mac-relay" or
"--ip-relay" to force packets to be sent via a specific gateway (other than
the configured host's gateway)?  Or am I way oversimplifying this?  Or is
there another method I could use to scan these?

Thanks in advance.

Chris
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
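
The suggestion in the reply above (a fixed source port plus an iptables rule that steers that port through the other gateway), written out as an added example; it is not code from either poster or from the Nmap project. The addresses, interface name, mark and table number are constructed placeholders, and the function only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for steering one fixed
# source port through a second gateway. All values below are constructed.
MARK=0x1    # firewall mark (assumed free on this host)
TABLE=100   # routing table number (assumed unused)

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# usage: plan_alt_gw_scan add|del SPORT GATEWAY IFACE SRC_IP TARGET
plan_alt_gw_scan() {
    action=$1 sport=$2 gw=$3 dev=$4 src=$5 target=$6
    valid_port "$sport" || { echo "bad source port: $sport" >&2; return 1; }
    for ip in "$gw" "$src" "$target"; do
        valid_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }
    done
    case "$action" in
        add) ipt=-A; op=add ;;
        del) ipt=-D; op=del ;;
        *) echo "action must be add or del" >&2; return 1 ;;
    esac
    # Mark locally generated TCP packets that use the fixed source port.
    # Limiting the match to the scan target leaves the server's other traffic alone.
    echo "iptables -t mangle $ipt OUTPUT -p tcp --sport $sport -d $target -j MARK --set-mark $MARK"
    # Marked packets use a table whose only route is the other gateway.
    echo "ip rule $op fwmark $MARK table $TABLE"
    echo "ip route $op default via $gw dev $dev table $TABLE"
    # --send-ip keeps probes on the IP layer so the mangle rule sees them
    # (frames sent with --send-eth bypass iptables); -g fixes the source port.
    [ "$action" = add ] && echo "nmap -Pn -sS --send-ip -e $dev -S $src -g $sport $target"
    return 0
}

# Constructed sample: new-DMZ gateway 192.0.2.1 on eth1, new address 192.0.2.10.
plan_alt_gw_scan add 40000 192.0.2.1 eth1 192.0.2.10 198.51.100.20
```

Calling the function with `del` prints the matching teardown commands. Replies arrive on the second interface, so strict reverse-path filtering (rp_filter) there can drop them; check that setting if every port comes back filtered.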