Telnet through Linksys WRT54G to home lab

I'm trying to allow port 23 on my Linksys router so that from the Internet
I can access my home lab.

I've set up port range forwarding for the local IP address with port 23 in the Linksys
and can also see the remote host trying to connect in the logs. I'm using DynDNS to track the IP on the Linksys, although is hasn't changed in months.

Problem is, the remote host cannot connect. If I telnet locally to the
external IP from a host on the LAN I can get in. Is there a trick or a setting that I am somehow missing?

Thanks,

George

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

bighornsheep

Is the interface of the Cisco router running telnet in the same subnet as WRT54G?

Have you checked TCP/UDP setting? Do the other port forwards work? Have you tried flashing your WRT54g?

theseman

Sounds like a firewall issue. Traffic from the LAN will have different rules than that from the WAN. I would check the firewall settings.

Travis

ilcram19

is da on da machine cuz if it is make sure the telnet service is running, and if it is on a router make sure u set up all the vty password and settins

georgemc

bighornsheep wrote:

Is the interface of the Cisco router running telnet in the same subnet as WRT54G?

Have you checked TCP/UDP setting? Do the other port forwards work? Have you tried flashing your WRT54g?

1. Yes. I can ping from the Cisco router to the Linksys and from any PC on the LAN to the Cisco router.

2. The Cisco is currently wide open for testing. When I've set up bit torrent in the past using port forwarding it worked fine. The LInksys (wrt54g v.3) is running dd-WRT v. 23 standard.

I've also disabled external (from the Internet) telnet to the linksys command line. I figured this would interfere with the forward of telnet to a machine on the LAN side.

Thanks,

George

georgemc

theseman wrote:

Sounds like a firewall issue. Traffic from the LAN will have different rules than that from the WAN. I would check the firewall settings.

Travis

I checked the firewall setting on the Linksys. It was basically an enable or disable switch. I disabled it completely to run a test and had the same results. Unable to connect.

georgemc

ilcram19 wrote:

is da on da machine cuz if it is make sure the telnet service is running, and if it is on a router make sure u set up all the vty password and settins

The VTY password and or settings are correct on the Cisco. I can telnet to it from any PC on my home network.

Silver Bullet

What is the default route of the router that you are wanting to connect to. Is there one set?
Since the linksys is the internet facing router then your default route will need to be routed to the linksys.

Otherwise it will only be aware of LAN addresses right?

georgemc

Silver Bullet wrote:

What is the default route of the router that you are wanting to connect to. Is there one set?
Since the linksys is the internet facing router then your default route will need to be routed to the linksys.

Otherwise it will only be aware of LAN addresses right?

The router I'm attempting to connect to is a Cisco 2511. I'm not using it for routing. I have an ip default-gateway setup pointing to the Linksys (192.168.1.1), and from the 2511 I can ping other routers on the LAN. I haven't tried a ping to the outside port of the Linksys. I'll verify that i can ping from the 2511 to the outside of the linksys when I get home. I have no reason to believe it wont work.

Although now that I'm thinking about it. I believe the Linksys will be forwarding from the 192.168.1.1 address, which should work even without a gateway/default route being set. I'll have to set up a sniffer and verify that also.

dtlokee

georgemc wrote:

Silver Bullet wrote:

What is the default route of the router that you are wanting to connect to. Is there one set?
Since the linksys is the internet facing router then your default route will need to be routed to the linksys.

Otherwise it will only be aware of LAN addresses right?

The router I'm attempting to connect to is a Cisco 2511. I'm not using it for routing. I have an ip default-gateway setup pointing to the Linksys (192.168.1.1), and from the 2511 I can ping other routers on the LAN. I haven't tried a ping to the outside port of the Linksys. I'll verify that i can ping from the 2511 to the outside of the linksys when I get home. I have no reason to believe it wont work.

Although now that I'm thinking about it. I believe the Linksys will be forwarding from the 192.168.1.1 address, which should work even without a gateway/default route being set. I'll have to set up a sniffer and verify that also.

You still need a default route from the 2511 to the linksys because the destination address will be translated by NAT but the source address will not be. You can use the "ip default-gateway" command only if you also disabled ip routing with the "no ip routing" command. If that's notthe case you can use the "ip route 0.0.0.0 0.0.0.0 192.168.1.1" command to enter one.

Silver Bullet

I think you are correct. Port forwarding should show that it originates from 192.168.1.1.

It is possible that the packets are being forwarded to the router now. But if the router doesn't have a default route that tells it to send everything destined to another network than 192.168.1.0/24 to 192.168.1.1, then you are only having a one way conversation.

I may be totally way off base here. It wouldn't be the first.

georgemc

dtlokee wrote:

You still need a default route from the 2511 to the linksys because the destination address will be translated by NAT but the source address will not be. You can use the "ip default-gateway" command only if you also disabled ip routing with the "no ip routing" command. If that's notthe case you can use the "ip route 0.0.0.0 0.0.0.0 192.168.1.1" command to enter one.

Hmm. I can't remember if I disabled IP routing or not. But this sure sounds like the answer to me. I'll double check when I get home.

It's kinda scary that I've been doing this long enough to remember when you used to have to enable "ip routing" in order to route anything.

georgemc

Thanks guys, problem is resolved. I just needed to set a default route on the 2511. I wasn't aware that the Linksys didn't translate the source address. And I'll never make THAT mistake again.

Thanks again,

George