Telnet through NAT Router assitance Please

[bjdobs]

I recently installed an SMC cable/WAN Router which has several Win 2K machines and a SCO openserver 5.0.5 Box ... I can Telnet to SCO from any of the machines on the LAN however even with port 23 opened on the Router (NAT firewall installed), I can't seem to connect to it from the WAN side ... also tried the DMZ feature again no luck.

I read up a bit on SCO gateways but it appears SCO's notion of gateway is to be a gateway not use a gateway as in the MS world of just identifying a default gateway

I added the gateway IP to the hosts file with no luck

The LAN configuration appears to not provide DNS or default gateway parameters so I was thinking maybe they have separated these into the WAN configuration.

There is currently no WAN configuration set up on the SCO box ... could this possibly be the issue? If so what do I need to do to configure this? I followed the XWindows dialog for WAN but it only provides a SLIP protocol which I don't believe is appropriate for the cable connection?

Could someone please point me to some documentation that might shed some light on this for me and or give me a few pointers.

Thanx

 

[stanhubble]

What you are looking for is the ability of the router to do port forwarding. IE anything coming in on port 23 of the wan side of the router is forwarded to machinne x on the lan side of the router. By the way this is EXTREMELY dangerous from a security standpoint.
(i'll ignore any dhcp setups that can do alot of this)

Lets assume your router has a lan address of 192.168.1.1 and your sco machine is 192.168.1.2
and your win2k machine is 192.168.1.3

So on your sco machine you would have 2 routes set:
(to view routes use netstat -nr)
192.168.1.0 -> 192.168.1.2 (how to get to my local net)
default -> 192.168.1.1 (how to get anywhere else)

for dns config see: /etc/resolv.conf

Sorry will have to continue this later.....gotta go

 

[bjdobs]

The SMC does have a port forwarding ... including an alias port forwarding ie mapping a different port to a known port ... I agree it is still not safe but what other options are there? xyz -> 23 ... what troubles me is I read a discussion regarding Telnet where it was described that port 23 is used for the first contact after which the Telnet Server switches the client to another port (not sure if this is configurable to an individual port or group of ports) ... is this true??? If it is then a whole range of ports must be made available on a trigger so the server can use whatever port it desires.

 

[Megabitman]

My recommendation is to setup a VPN from the outside world to the LAN side of the network. This will greatly increase the security surrounding the telnet process to the SCO box. Unfortunately, SMC (at least the models I have used) does not support VPN authentication at the router, but other vendors such as Netopia and Cisco do. Linksys offers a low-end VPN router, but it does not support PPTP (the VPN protocol included with any win9x and above systems). I am not impressed with LinkSys as a company anyways in terms of quality assurance. If you have a win2k server, then you could use the PPTP VPN and port forward 1723 to your server. At any rate, I'd highly recommend using a VPN to link the outside world to your SCO box.