So I wanted to do some testing yesterday.

I set the firewall to leave four machines available to the outside world: a NetWare 6 mail server, a Win2k web server, a NetWare 5.1 print and file server (with nothing important on it) and a Nortel VPN concentrator. They all have static NAT translations, and they all have relaxed firewall rules for access from the public net, anything from allow all traffic to allow only on certain ports. I verified that I can get to all four boxes from home before I ran the test.

Thinking that these four would show up for sure, I was really more concerned with what else might show up (looking for cracks in the firewall), though I did want to see how much of these four boxes was visible.

So I ran this command from nmap as root:
nmap -v -sS -sR x.x.x.0/21 >> myfile

Lo and behold... the only thing that showed up out of all those hosts was the mail server. Yay for me, the firewall seems to be working, but this has got to be a bit of a false sense of security. Why didn't nmap catch my other three 'open' boxes? Wrong arguments on my part?