telnet through firewall to unix box

telent = dangerous

Some examples of inherently insecure services include servers that require passwords or passphrases for authentication (in itself, a secure feature), but fail to encrypt the passwords as they are sent over the wire to the authenticating service. Telnet and FTP are two such services. A packet sniffing device set between a remote user and the telnet server can easily be set to steal passwords (especially if the telnet user happens to switch to an administrative user during a telnet session).

Better to install openssh on the unix box and then remotely connect using an ssh client command shell or a gui openssh client like winscp, all free opensource apps. (I use winscp all the time)

http://www.openssh.com/
http://winscp.net/eng/index.php

 

OK. To allow telnet pass through in the router you must set up port forwarding for port 23 (udp and tcp).

If telnet session is for a short time period you could just put the unix box in the router's dmz and all open ports on the box would be accessable from outside the lan.

If will regularly need remote telnet acces then setup port forwarding to use an uncommon http port for telnet, such as 8081, and config the unix telent daemon to use that port instead of port 23. This way outsiders doing port scans for telnet daemons won't be able to detect the running telnet daemon because someone looking for it will be scanning for opened port 25s. But if really need regular access then best to use ssh.

Another solution, one that I use for my 2 Debian linus boxes, is to run Webmin with the desired modules. Webmin allows secure access to unix configs via the browser from anywhere, but you still need to config port forwarding the the router for webmin.
http://www.webmin.com/

 

Then just try putting the box in the DMZ. That way all traffic looking for that box will passs through. If it doesn't pass through then you know for sure that the reason is the .1 address. Also, what is the address of the router? Default it's 192.168.1.1, but that too can be changed in the router config and may have been changed to something like 10.10.10.0.

also, the nix box may have it's own iptables firewall blocking telnet port.

 

try the dmz method and post results.

also, I believe dlink has advanced: editing firewall rules option similar to filters. maybe a rule that allows telnet to the server....

 

OK then.
so, current ip address of box is 10.10.10.1 & around 70 production machines connecting routinely via Tiny Term , thus dlink is allowing requests for that ip to pass through locally, so there's no logical reason that the dlink should deny wan pass through to the box if enabled in the dlink. And when box in dmz and wan pass tghrough is still denied then that leads me to believe that either a telnet daemon is not running on the box or else there is another daemon running on the box that prevents & won't ack requests to port 23 (nix firewall such as iptables)

what os on the unisys box??

 

If the unix box is connected to the dlink, then yes, all lan (local) requests to it go through the dlink router, at least they must pass through the router's built in switch. To access the unix box from the wan side, the unix box must have a fully qualified domain name registered with dns servers, else the remote user must access it using the ip address assigned by the isp.

 

wow! That makes so much sense, but is one of those things that is burried deep as a cause of the problem. Must have taken some concentrated digging at config files to locate that!