
Nmap Development mailing list archives
Scan via alternate gateway
From: Chris Frederick <cdf123 () cdf123 net>
Date: Mon, 22 Dec 2014 14:48:01 -0600
Hi all,
I have a server that we are moving from one DMZ into another. We are starting the migration and now have the server dual-homed with an Ethernet connection to both subnets, but the default gateway is still set to the old DMZ. I was wondering if there's a way to nmap scan servers that this server connects to from the other gateway to see if there are any firewall issues from the new IP address, so we can see which servers we will need to address before the final switchover.
It looks like it could be doable, but it seems I would be short one option. A combination of --send-eth and -S gets the packet set up right, and -e points it in the right direction, but it still needs a gateway to forward it off. The gateway is accessible, but if I switch the host over to the new one it could cause issues with people using the server. I've set up multiple routing tables and policy routing before, but I'd rather not go through all that hassle. Would it be difficult to add some kind of a "--mac-relay" or "--ip-relay" to force packets to be sent via a specific gateway (other than the configured host's gateway)? Or am I way oversimplifying this? Or is there another method I could use to scan these?
Thanks in advance.
Chris
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Current thread:
- Scan via alternate gateway Chris Frederick (Dec 22)
- Re: Scan via alternate gateway Robin Wood (Dec 22)
- Re: Scan via alternate gateway Jacek Wielemborek (Dec 22)
- Re: Scan via alternate gateway Chris Frederick (Dec 23)
- Re: Scan via alternate gateway Robin Wood (Dec 23)
- Re: Scan via alternate gateway Chris Frederick (Dec 23)
- Re: Scan via alternate gateway Jacek Wielemborek (Dec 22)
- Re: Scan via alternate gateway Robin Wood (Dec 22)