Very Computer

I am trying to tunnel through a firewall where I have a telnet account
set up.  The firewall will not allow me to use ssh.

Let's assume three machines:
INTERNAL -- inside the firewall
FIREWALL -- yes, the firewall machine
EXTERNAL -- the machine in the real internet that has full access

If I do things manually with an expect script, I can let logged into
my shell account on EXTERNAL without any problems.  It goes like this:
send telnet
expect username
send myname
expect password
send mypassword1
expect computername
send telnet EXTERNAL
expect pasword
send mypassword2
expect computername
send ppp-command
interact

This isn't a correct expect script, but it shows what I'm trying to
do.

I've tried pppd pty 'expect .....' with no luck  I'm beginning to
wonder if the FIREWALL telnet is eight bit clean.  I can't send it any
parms when I launch from there.  Is there any way to encode a ppp
session into a 7 bit conversation, like uuencode?

Also, it's not clear if I can use expect in this manner.  Obviously a
chat script won't work ... unless I'm missing something.

: I am trying to tunnel through a firewall where I have a telnet account
: set up.  The firewall will not allow me to use ssh.
:
: Let's assume three machines:
: INTERNAL -- inside the firewall
: FIREWALL -- yes, the firewall machine
: EXTERNAL -- the machine in the real internet that has full access
:
: If I do things manually with an expect script, I can let logged into
: my shell account on EXTERNAL without any problems.  It goes like this:
: send telnet
: expect username
: send myname
: expect password
: send mypassword1
: expect computername
: send telnet EXTERNAL
: expect pasword
: send mypassword2
: expect computername
: send ppp-command
: interact
:
: This isn't a correct expect script, but it shows what I'm trying to
: do.
:
: I've tried pppd pty 'expect .....' with no luck  I'm beginning to
: wonder if the FIREWALL telnet is eight bit clean.  I can't send it any
: parms when I launch from there.  Is there any way to encode a ppp
: session into a 7 bit conversation, like uuencode?
:
: Also, it's not clear if I can use expect in this manner.  Obviously a
: chat script won't work ... unless I'm missing something.
:
Remove variables and unknowns.  Try replacing Expect and Telnet with
C-Kermit:

  http://www.columbia.edu/kermit/ckermit.html

which (a) can be automated directly, rather than indirectly by a separate
program; (b) can be told to make 8-bit-clean 100% transparent connections;
and (c) yet nevertheless knows that when it is a Telnet client that it must
quote IACs.  Scripting examples:

  http://www.columbia.edu/kermit/ckscripts.html

A somewhat related article on using C-Kermit as your PPP dialer:

  http://www.columbia.edu/kermit/case13.html

The commands for telling C-Kermit to make a 100%-transparent Telnet
connection are:

  eightbit                          ; 8-bit clean
  set terminal escape disabled      ; No escape character
  set host xxxx                     ; (replace by hostname)
  if fail exit 1

And then rest of your script is about the same, except replace
"expect" with input <n> (where <n> is the number of seconds to wait
before timing out and failing) and "send" with "output" or "lineout":

  input 10 username
  if fail exit 1 No username prompt
  lineout myname                     ; (or use a variable here)
  input 5 password
  lineout mypassword1                ; (but don't put passwords in files!)

etc.

- Frank

You're not tunneling.  You're trying to automate a telnet session from
the firewall.  BTW, why would anyone leave telnet open on a firewall?  
That's an open invitation to hacking.

--

james.knott.

Quote:> I am trying to tunnel through a firewall where I have a telnet account
> set up.  The firewall will not allow me to use ssh.
> Let's assume three machines:
> INTERNAL -- inside the firewall
> FIREWALL -- yes, the firewall machine
> EXTERNAL -- the machine in the real internet that has full access

[...]

Quote:> Also, it's not clear if I can use expect in this manner.  Obviously a
> chat script won't work ... unless I'm missing something.

Maybe you are.  Here's an example that may be of value, _provided_ you
have root privilege on the machine to which you telnet:

pppd 192.168.2.1: debug pty 'telnet -8E 192.168.1.2' connect 'chat -v \
"ogin: " name "sword: " password \\$ "su1 su -" "# " "stty -echo;\
/usr/sbin/pppd debug 192.168.2.2:"'

This worked for me between two computers at home.  Yes, it's not secure
but then my home environment isn't hostile.  If you have the capability
of running pppd on the other side without becoming root then a modified
version of this script should also work.

/* ... packets usually cross many administrative boundaries on their way
   from a source to a destination and often the only point of agreement
   between those separate administrations is that all problems are someone
   else's fault.   --Van Jacobson, abstract of April 97 MSRI talk */

That is exactly what I have been looking for.
I'll try it tomorrow.

Thanks.