Masquerading incoming Telnet through my firewall

Post by David Aki » Sat, 27 Feb 1999 04:00:00



I have your run of the mill 10.1.1.0 network with Linux 2.0.36
performing IP Masquerading from the eth0 to the ppp0.

The Linux firewall is eth0:             10.1.1.1
                    ppp0:               1.2.3.4

I have a telnet client running on 10.1.1.20

I want to telnet into the 10.1.1.20 box from outside my network on
some arbitrary port, say 9999.  So "telnet 1.2.3.4:9999" and have the
firewall translate all port 9999 packets and forward them to 10.1.1.20
on some port (I guess 9999 would work). What ipfwadm commands do I
need to run to do this?

 
 
 


Post by Greg Wee » Sat, 27 Feb 1999 04:00:00




Quote:

> I have your run of the mill 10.1.1.0 network with Linux 2.0.36
> performing IP Masquerading from the eth0 to the ppp0.

> The Linux firewall is eth0:                10.1.1.1
>                ppp0:               1.2.3.4

> I have a telnet client running on 10.1.1.20

> I want to telnet into the 10.1.1.20 box from outside my network on
> some arbitrary port, say 9999.  So "telnet 1.2.3.4:9999" and have the
> firewall translate all port 9999 packets and forward them to 10.1.1.20
> on some port (I guess 9999 would work). What ipfwadm commands do I
> need to run to do this?

You don't. You get the ipportfw patch and apply it, or you can use one
of the TCP redirectors: rinet, redir, etc. These allow a pin-hole
through the firewalling when ip mask precludes simply opening the
port.

Greg Weeks
--
http://durendal.tzo.com/greg/

 
 
 


Post by Scot E. Wilcoxo » Sat, 27 Feb 1999 04:00:00


Quote:

> You don't. You get the ipportfw patch and apply it, or you can use one
> of the TCP redirectors: rinet, redir, etc. These allow a pin-hole
> through the firewalling when ip mask precludes simply opening the
> port.

Preferably with the Deception Tool Kit running on a bunch
of other ports to hide the pinhole (http://all.net/dtk/dtk.html)
or have a DTK script on a certain port which recognizes a
password and opens a pinhole only to your IP address.

Better yet, use SSH to make a secure telnet connection.
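
What a user-space TCP redirector of the kind mentioned above does, combined with the idea from the last reply of opening the pinhole only to one IP address, as an added Python example. It is not code from this thread, nor from redir or rinet; the allowed address 203.0.113.7, the target port 23 and all function names are assumptions.

```python
import ipaddress
import socket
import threading

LISTEN = ("0.0.0.0", 9999)    # outside-facing port on the firewall (from the thread)
TARGET = ("10.1.1.20", 23)    # inside telnet host (from the thread; port 23 assumed)
ALLOWED = ["203.0.113.7/32"]  # constructed: the single outside address let through


def is_allowed(peer_ip, allowed=ALLOWED):
    """True only if peer_ip parses and lies inside an allow-listed network."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(addr in ipaddress.ip_network(net) for net in allowed)


def pump(src, dst):
    """Copy bytes src -> dst until src closes, then half-close dst."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
    except OSError:
        pass
    try:
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass


def handle(client, peer, target=TARGET, allowed=ALLOWED):
    """Relay one connection to target; drop it unrelayed if not allow-listed."""
    with client:
        if not is_allowed(peer[0], allowed):
            return False
        with socket.create_connection(target, timeout=10) as upstream:
            upstream.settimeout(None)
            back = threading.Thread(target=pump, args=(upstream, client))
            back.start()
            pump(client, upstream)
            back.join()
    return True


if __name__ == "__main__":
    with socket.create_server(LISTEN) as srv:
        while True:
            conn, peer = srv.accept()
            threading.Thread(target=handle, args=(conn, peer), daemon=True).start()
```

The relay passes telnet's bytes through unchanged, so the session stays cleartext end to end, which is why the reply above prefers SSH.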

 
 
 
