I'm looking for a way to tunnel through a firewall that allows
telnet access to the outside world. I've looked at TIA, SLiRP,
and others, but they all assume a modem link to the internet.
I want to encapsulate my packets in TCP/IP over a telnet session.
I thought PPP would do it ... log on to the remote machine
and start the ppp from there, then start it on my end, but
how to grab the characters coming through the telnet session
and into the local pppd?
--
Brian Michalk |No, the |AWPI, home of *the* online magazine about Austin.
mic...@awpi.com|other one|Providing systems integration and internet solutions.
I suggest you check with your firewall administrators, or your security staff,
before implementing such a tunnel.
A PPP tunnel will open a big, BIG, security hole that the firewall was designed to
protect.
It is possible to arrange PPP to communicate with a telnet tunnel.
If it is UNIX, and you're using PPP that expects to communicate with a serial device
(/dev/cua1), you can use pseudo tty devices instead.
A pty looks like a serial device, but is really a connection to another program,
which in turn, can reroute traffic to yet another program, like telnet.
This takes skill to set up (yes, I've done it), and you'll still need to write
the software that connects a pty to telnet.
Good luck,
andrew
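
For the firewall administrators and security staff mentioned in the reply above, an added example (not part of the thread and not any poster's code) of how PPP stands out in a captured session: it scans a byte stream for RFC 1662 HDLC-like frames and accepts only those whose FCS-16 checks out. It assumes the bytes are the session payload with telnet option negotiation already stripped; the sample stream and all function names are constructed for illustration.

```python
FLAG, ESC = 0x7E, 0x7D          # RFC 1662 frame delimiter and escape octet
GOOD_FCS = 0xF0B8               # FCS-16 residue over payload plus its FCS

def fcs16(data: bytes) -> int:
    """Running FCS-16 from RFC 1662 (reflected polynomial 0x8408)."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs

def unescape(body: bytes) -> bytes:
    """Undo async escaping: 0x7D means 'next octet XOR 0x20'."""
    out, octets = bytearray(), iter(body)
    for b in octets:
        if b == ESC:
            b = next(octets, None)
            if b is None:        # stream cut off in the middle of an escape
                break
            b ^= 0x20
        out.append(b)
    return bytes(out)

def find_ppp_frames(stream: bytes) -> list[int]:
    """Return the protocol number of each FCS-valid PPP frame in the stream."""
    found = []
    for chunk in stream.split(bytes([FLAG])):
        frame = unescape(chunk)
        # Require the uncompressed FF 03 header (LCP negotiation always has it)
        if len(frame) < 6 or frame[:2] != b"\xff\x03":
            continue
        if fcs16(frame) == GOOD_FCS:
            found.append(int.from_bytes(frame[2:4], "big"))
    return found

def encode_frame(payload: bytes) -> bytes:
    """Build a constructed sample frame (default ACCM: escape octets < 0x20)."""
    raw = b"\xff\x03" + payload
    raw += (fcs16(raw) ^ 0xFFFF).to_bytes(2, "little")
    body = bytearray()
    for b in raw:
        body += bytes([ESC, b ^ 0x20]) if b < 0x20 or b in (FLAG, ESC) else bytes([b])
    return bytes([FLAG]) + bytes(body) + bytes([FLAG])

# Constructed sample: shell text followed by one LCP Configure-Request (0xC021)
LCP_CONFREQ = bytes.fromhex("c02101010004")
SAMPLE = b"login: user\r\n$ pppd\r\n" + encode_frame(LCP_CONFREQ) + b"\r\n"

if __name__ == "__main__":
    for proto in find_ppp_frames(SAMPLE):
        print(f"PPP frame, protocol 0x{proto:04X}")
```

The FCS check is what keeps ordinary terminal text containing `~` from being reported as a frame.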
There is a program for NeXT called 'virtmodem' that does
just this. You will probably have to modify it to work with
your system. It would be a starting place.
ftp://ftp.peak.org/pub/next/apps/internet/ppp/dev/virmodem.tar.gz
YMMV. Hope this helps.
- Steve
>I'm looking for a way to tunnel through a firewall that allows
>telnet access to the outside world. I've looked at TIA, SLiRP,
>and others, but they all assume a modem link to the internet.
>I want to encapsulate my packets in TCP/IP over a telnet session.
>I thought PPP would do it ... log on to the remote machine
>and start the ppp from there, then start it on my end, but
>how to grab the characters coming through the telnet session
>and into the local pppd?
I've managed to set up this sort of tunnel via virtmodem.
virtmodem allocates a tty (on my linux host), say ttypd.
I then invoke pppd with what I think are the right
options (because my modem uses them)
Then I telnet into the remote server, and indeed, my local
P-t-P on ppp0 is established. The servers even negotiate
IP numbers. But for some strange reason, no routes are
defined. Here's a syslog of the calling machine:
--
Oct 23 01:15:08 trustno1 pppd[3617]: Using interface ppp0
Oct 23 01:15:08 trustno1 pppd[3617]: Connect: ppp0 <--> /dev/virtmodem
Oct 23 01:15:11 trustno1 pppd[3617]: local IP address 131.155.141.174
Oct 23 01:15:11 trustno1 pppd[3617]: remote IP address 131.155.141.160
--
The funny thing is the ppp0 device, which insists on being netmasked
255.255.255.255, even though I explicitly tell it to be .0
Also, on the other end (131.155.141.160), the netmask is weird:
255.255.0.0
If I try to change these netmasks, the pppd's seem to lose sync and
die.
By the way. We're running this tunnel through 2 IP masquerading hosts
and we do have permission by the network admins.
Any help is appreciated on p...@track.nl or in this thread. Thanks
Pim van Pelt <p...@track.nl> Da_P on IRCNet