Detects whether the remote device has ip forwarding or "Internet connection sharing" enabled, by sending an ICMP echo request to a given target using the scanned host as default gateway. The given target can be a routed or a LAN host and needs to be able to respond to ICMP requests (ping) in order for the test to be successful. In addition, if the given target is a routed host, the scanned host needs to have the proper routing to reach it. In order to use the scanned host as default gateway Nmap needs to discover the MAC address. This requires Nmap to be run in privileged mode and the host to be on the LAN.
The script is here: http://seclists.org/nmap-dev/2012/q2/att-192/ip-forwarding.nse
If you like my blog, Please Donate Me