If your firewall is redirecting ftp traffic to ftp-proxy using a redirection rule, tell that rule not to redirect the IP you're scanning from (at least during the scanning process). Though: if a port 21 is open on any of those hosts, you can't get to it and you will never notice it ..
Note that using nmap/nessus through a firewall has limited reliability anyway, because nmap/nessus may report ports as closed on the hosts it's supposed to scan just because the intermediate firewall doesn't allow connections to these ports. In other words: you're none the wiser, because you have an 'impaired view on the world'.
|