I'm just assessing the security of my home server in preparation for opening it up to the internet. I've used nmap from a machine on my local network, but I have firewall rules allowing access from the local network, so this reveals more than I think will be visible from the internet.
Is there any way to 'spoof' the address nmap is scanning from, so I can see what a potential attacker would see? Any Google search for that kind of thing yields a lot of very shady-looking websites...
Try ShieldsUp from Gibson Research. It'll do a simple scan with properly-formed packets, so not everything you might like to scan for. It's been around for years without any fishy reputation that I'm aware of, and the Gibson guy is also quite a character.
It's right in the manual:
(there are other useful options too)
I remember learning Nmap and the decoy/zombie/idle/FTP scan techniques blew my mind with how clever they were. The idle scan has nice pictures to really understand it :D
http://nmap.org/book/man-port-scanning-techniques.html
http://nmap.org/book/man-bypass-firewalls-ids.html
http://nmap.org/book/idlescan.html