With nmap, if you set the option -P0 (do not ping), it will always say "host seems to be up... Good". This, however, does not mean shit. It does not mean the host is up, nor does it mean that there is anything on the other end to scan. All it means is you skipped the ping portion of the scan that verifies there truly is a responding machine on the other end.

As for actually getting through the firewall, well, heh. That's where the fun comes in. Try doing a normal scan (not sure why you are using XMAS) and see what that comes back with. If in the end you don't see any ports open on the outside, I don't think it's gonna make a lick of difference in helping you. You're screwed.

But you said you have root privs on this machine. Why not rootkit yourself, or even install some kind of trojan that goes out through the proxy to you? It is almost always easier to get out than it is to get in. Then you can have your remote access.
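
On the -P0 point at the top of this reply, an added example (not part of the original post): nmap's XML output (`-oX`) records why a host was marked up, and with discovery skipped (`-P0`, spelled `-Pn` in current nmap) that reason is `user-set`. The sketch below separates hosts that actually answered from hosts that are "up" only because the ping was skipped; the sample XML is constructed and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of nmap -oX output (documentation addresses).
SAMPLE_XML = """<nmaprun>
  <host><status state="up" reason="user-set"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports><extraports state="open|filtered" count="1000">
      <extrareasons reason="no-responses" count="1000"/></extraports></ports>
  </host>
  <host><status state="up" reason="user-set"/>
    <address addr="192.0.2.20" addrtype="ipv4"/>
    <ports><extraports state="filtered" count="999">
      <extrareasons reason="no-responses" count="999"/></extraports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/></port>
    </ports>
  </host>
  <host><status state="up" reason="echo-reply"/>
    <address addr="192.0.2.30" addrtype="ipv4"/>
    <ports/>
  </host>
</nmaprun>"""

def liveness_evidence(xml_text):
    """Map each host address to 'confirmed' or 'unverified' (hypothetical helper)."""
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        status = host.find("status")
        # "user-set" means discovery was skipped; nmap never heard from the host.
        discovered = status.get("state") == "up" and status.get("reason") != "user-set"
        # Any port-level reason other than silence proves a packet came back.
        reasons = [s.get("reason", "") for s in host.iter("state")]
        reasons += [r.get("reason", "") for r in host.iter("extrareasons")]
        answered = any(r and not r.startswith("no-response") for r in reasons)
        result[addr] = "confirmed" if discovered or answered else "unverified"
    return result

if __name__ == "__main__":
    for addr, verdict in liveness_evidence(SAMPLE_XML).items():
        print(addr, verdict)
```

The first sample host mirrors an XMAS scan against silence: every port reads `open|filtered` with no response, so nothing in the output shows a machine is there.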