(M)  s i s t e m a   o p e r a c i o n a l   m a g n u x   l i n u x ~/ · documentação · suporte · sobre

  Next Previous Contents

5. Detailed directions

In detail, the process goes like this.

First, from a machine inside the firewall, telnet to a target machine outside the firewall and log in.

Unless you are under linux and will be using the proc filesystem (see below) make sure your shell is an sh style shell. Ie if your default shell is a csh variant, invoke telnet by

(setenv SHELL /bin/sh; telnet machine.outside)

After logging in, on the remote (outside) machine invoke the command

term -r -n off telnet

Now break back to the telnet prompt on the local (inside) machine, using ^] or whatever, and use the telnet shell escape command ! to invoke term,

telnet> ! term -n on telnet >&3 <&3

Et voila!!!

(If you have a variant telnet, you might have to use some other file descriptor than 3; easy to check using strace. But three seems to work on all bsd descendent telnet clients I've tried, under both SunOS 4.x and the usual linux distributions.)

Some telnet clients do not have the ! shell escape command. Eg the telnet client distributed with Slackware 3.0 is one such client. The sources that the Slackware telnet client is supposedly built from,

ftp://ftp.cdrom.com:/pub/linux/slackware-3.0/source/n/tcpip/NetKit-B-0.05.tar.gz
have the shell escape command. A simple solution is therefore to obtain these sources and recompile them. This unfortunately is a task I have had no luck with. Plus, if you are running from inside a SOCKS firewall, you will need a SOCKSified telnet client anyway. To that end, I was able to compile a SOCKSified telnet client from
ftp://ftp.nec.com/pub/security/socks.cstc/socks.cstc.4.2.tar.gz
or if you're outside the USA,
ftp://ftp.nec.com/pub/security/socks.cstc/export.socks.cstc.4.2.tar.gz

Alternatively, under linux kernels up to 1.2.13, you can pause the telnet with ^]^z, figure out its pid, and invoke

term -n on -v /proc/<telnetpid>/fd/3 telnet
This doesn't work with newer 1.3.x kernels, which closed some mysterious security hole by preventing access to these fd's by processes other than the owner process and its children.
Next Previous Contents