Iptable Port Redirection


STORMPROOF
12-07-2005, 02:46 PM
Hey fellas, it's been a while since I have done ANY linuxing with IPTABLES, so I know that I am going to be rusty.

Here is the scenario that I am trying to get accomplished. I am at work at my desk and would like to telnet to my home equipment, preferably my Cisco router.

The firewall administrator blocks telnet access to the outside world.

I am going to put up a Linux box in front of my Cisco router and run IPTABLES at home.

Port 80 requests at my job are allowed through the company's firewall.

I was thinking of somehow using port redirection on my Linux box at home.

Any suggestions?

je_fro
12-07-2005, 03:00 PM
iptables -A FORWARD -j ACCEPT -p tcp --syn --dport 80
iptables -t nat -A PREROUTING -i eth0 -p tcp --syn --dport 80 -j DNAT --to $FORWARD_IP1:23

JamminJoeyB
12-07-2005, 03:09 PM
Why put the box in front of the router? Why not have the router forward port 80 requests to your Linux box behind the router?

I believe you can run SSH on any port you choose, so why not run it on 80? I know port 80 is usually reserved for HTTP requests, but you are the only one going to the box, so if you are not going to run a web server on that box this should work.

You could do the same for telnet sessions, but telnet is not encrypted.

I could be off my rocker with this idea, but it sounds more secure on paper.

STORMPROOF
12-07-2005, 06:58 PM
iptables -A FORWARD -j ACCEPT -p tcp --syn --dport 80
iptables -t nat -A PREROUTING -i eth0 -p tcp --syn --dport 80 -j DNAT --to $FORWARD_IP1:23
Looks like that should work je_fro. Thanks man! I will post when I try it tonight.

je_fro
12-07-2005, 07:32 PM
Of course, your telnetd logs are going to have lots of interesting entries. Might I recommend ssh?

STORMPROOF
12-08-2005, 12:28 AM
je_fro, explain please. I know what SSH is, but that will not be allowed through my job's firewall.

Are you referring to having me set up SSH on port 80 on my Linux box and then redirect the request to port 23 on my Cisco router with IPTABLES? :confused:

If that is what you are talking about, cool. Of course none of this is ideal, however I wanted to prove to someone at work that it was possible. :D

I did not get to trying it tonight, however tomorrow looks promising :p

je_fro
12-08-2005, 01:25 AM
iptables -A FORWARD -j ACCEPT -p tcp --syn --dport 80
iptables -t nat -A PREROUTING -i eth0 -p tcp --syn --dport 80 -j DNAT --to $FORWARD_IP1:22

What this rule does is take packets incoming on port 80 and send them to another machine listening on port 22, i.e. ssh. That way you could ssh yo.ur.ip.ad:80 and enjoy secure communication rather than insecure telnet. Assuming you've got sshd running on a machine with private IP $FORWARD_IP1.
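One way to lay out the redirect je_fro describes, as an added example rather than the rules posted in this thread. The interface name (eth0), inside address (192.168.1.10) and ports are assumed placeholders. Unlike the FORWARD rule quoted above, this one matches the post-DNAT destination, because the filter table sees the packet after PREROUTING has rewritten it, so only the redirected SSH traffic and its replies are forwarded.

```shell
#!/bin/sh
# Added example, not je_fro's rules. Interface name, inside address and
# ports are assumed placeholders for the thread's scenario.

# run CMD...: print the command, or execute it when APPLY=1 is set,
# so the ruleset can be reviewed before it touches a live firewall.
run() {
    if [ "${APPLY:-0}" = 1 ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# port_forward_rules WAN_IF INSIDE_IP LISTEN_PORT TARGET_PORT
# Redirects TCP LISTEN_PORT arriving on WAN_IF to INSIDE_IP:TARGET_PORT.
port_forward_rules() {
    wan_if=$1; inside_ip=$2; listen_port=$3; target_port=$4

    # Routing between interfaces is off by default; DNAT alone is not enough.
    run sysctl -w net.ipv4.ip_forward=1

    # nat/PREROUTING only sees the first packet of each connection, so
    # --syn is not needed. Rewrite the destination to the inside SSH host.
    run iptables -t nat -A PREROUTING -i "$wan_if" -p tcp --dport "$listen_port" \
        -j DNAT --to-destination "$inside_ip:$target_port"

    # filter/FORWARD runs after DNAT and therefore sees the rewritten
    # address and port. Matching on them (not on --dport 80 alone) accepts
    # only the traffic this redirect created, plus the return flow.
    run iptables -A FORWARD -i "$wan_if" -d "$inside_ip" -p tcp \
        --dport "$target_port" -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -o "$wan_if" -s "$inside_ip" -p tcp \
        --sport "$target_port" -m conntrack --ctstate ESTABLISHED -j ACCEPT
}

# Demo: print the commands for the thread's case (office port 80 -> home sshd).
port_forward_rules eth0 192.168.1.10 80 22
```

From the office side the client then connects with `ssh -p 80 <home public IP>`, since the OpenSSH client takes the port as an option rather than a `host:port` suffix.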