<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML
><HEAD
><TITLE
>Detailed Directions</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="Using Term to Pierce an Internet Firewall mini-HOWTO"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="The Basic Procedure"
HREF="basics.html"><LINK
REL="NEXT"
TITLE="Multiple Term Sockets"
HREF="termsockets.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Using Term to Pierce an Internet Firewall mini-HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="basics.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="termsockets.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="DETAILS"
></A
>4. Detailed Directions</H1
><P
>First, from a machine inside the firewall, telnet to a target machine
outside the firewall and log in.</P
><P
>Unless you are under Linux and will be using the proc filesystem (see
below), make sure your shell is an sh-style shell. That is, if your default
shell is a csh variant, invoke telnet by:</P
><P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>setenv SHELL /bin/sh; telnet machine.outside</PRE
></FONT
></TD
></TR
></TABLE
></P
><P
>After logging in, on the remote (outside) machine invoke the command:</P
><P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>term -r -n off telnet</PRE
></FONT
></TD
></TR
></TABLE
></P
><P
>Now break back to the telnet prompt on the local (inside) machine,
using <TT
CLASS="LITERAL"
>^]</TT
> or whatever, and use the telnet shell escape command
<TT
CLASS="LITERAL"
>!</TT
> to invoke term:</P
><P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>telnet> ! term -n on telnet >&3 <&3</PRE
></FONT
></TD
></TR
></TABLE
></P
><P
>That's it!</P
><P
>If you have a variant telnet, you might have to use some other file
descriptor than 3; this is easy to check using strace. But three seems to
work on all BSD-descended telnet clients I've tried, under both SunOS
4.x and the usual Linux distributions.</P
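><DIV
CLASS="EXAMPLE"
><P
>The text suggests strace for finding which descriptor a variant telnet
uses for its connection. On Linux the same answer can be read from /proc
for a process you own, shown here as an added example that is not part of
the original HOWTO; the function names are made up for illustration, and
it assumes /proc is mounted and readlink is installed.</P
>

```sh
#!/bin/sh
# Added example, not from the HOWTO. Assumes Linux with /proc mounted
# and readlink(1); all function names are made up for illustration.

# list_fds PID: print "fd target" for each open descriptor of PID.
# Returns 1 if /proc/PID/fd is unreadable (no such process, or the
# kernel denies access to a process you do not own).
list_fds() {
    dir="/proc/$1/fd"
    if [ ! -r "$dir" ]; then
        echo "cannot read $dir" >&2
        return 1
    fi
    for link in "$dir"/*; do
        # A descriptor can close between listing and readlink; skip it.
        target=$(readlink "$link") || continue
        echo "${link##*/} $target"
    done
}

# only_sockets: filter "fd target" lines on stdin down to the numbers
# of descriptors whose target is a socket, lowest first.
only_sockets() {
    awk '$2 ~ /^socket:/ { print $1 }' | sort -n
}

# socket_fds PID: descriptor numbers of PID that are sockets. For a
# connected telnet client this is the network connection.
socket_fds() {
    fds=$(list_fds "$1") || return 1
    printf '%s\n' "$fds" | only_sockets
}
```

</DIV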
><P
>Some telnet clients do not have the ! shell escape command. E.g., the
telnet client distributed with Slackware 3.0 is one such client. The
sources that the Slackware telnet client is supposedly built from</P
><P
><A
HREF="ftp://ftp.cdrom.com:/pub/linux/slackware-3.0/source/n/tcpip/NetKit-B-0.05.tar.gz"
TARGET="_top"
><I
CLASS="CITETITLE"
>ftp://ftp.cdrom.com:/pub/linux/slackware-3.0/source/n/tcpip/NetKit-B-0.05.tar.gz</I
></A
></P
><P
>A simple solution is therefore to
obtain these sources and recompile them. This unfortunately is a task
I have had no luck with. Plus, if you are running from inside a SOCKS
firewall, you will need a SOCKSified telnet client anyway. To that
end, I was able to compile a SOCKSified telnet client from:</P
><P
><A
HREF="ftp://ftp.nec.com/pub/security/socks.cstc/socks.cstc.4.2.tar.gz"
TARGET="_top"
><I
CLASS="CITETITLE"
>ftp://ftp.nec.com/pub/security/socks.cstc/socks.cstc.4.2.tar.gz</I
></A
></P
><P
>or, if you're outside the USA,</P
><P
><A
HREF="ftp://ftp.nec.com/pub/security/socks.cstc/export.socks.cstc.4.2.tar.gz"
TARGET="_top"
><I
CLASS="CITETITLE"
>ftp://ftp.nec.com/pub/security/socks.cstc/export.socks.cstc.4.2.tar.gz</I
></A
></P
><P
>Alternatively, under Linux kernels up to 1.2.13, you can pause the
telnet with <TT
CLASS="LITERAL"
>^]^z</TT
>, figure out its pid, and invoke:</P
><P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>term -n on -v /proc/&lt;telnetpid&gt;/fd/3 telnet</PRE
></FONT
></TD
></TR
></TABLE
></P
><P
>This doesn't work with kernels after 1.3.x, which closed some
mysterious security hole by preventing access to these fd's by
processes other than the owner process and its children.</P
></DIV
></BODY
></HTML
>