Telnet through WAN to UNIX

Status
Not open for further replies.

gavinseabrook

Hey all,

I just completed a job where they wanted to go wireless and switch ISP. Well, I set up all the new ISP WAN info in the router (WRT54G Linksys wireless router), and set the telnet port (23) to the address of their UNIX server. They use a software called Medical Manager, and we have no problems whatsoever telnetting to this server from inside the network. The problem I am having is that it won't telnet from the WAN address. Let me make a small diagram:

Router IP: 192.168.2.1
UNIX SERVER: 192.168.2.99


The telnet port is forwarded to .99, and I even turned on DMZ to .99, still no telnet to the WAN address. The WAN is pingable from any location I am at, and I have a remote connection to one station there at the office. Has anyone ever experienced this before?

BTW: I have updated the router to the newest firmware.
 
The port forward needs to originate from the router's PUBLIC IP to the UNIX server IP.

pst:
get Telnet working first and then abort all telnet and go for SSH :)
 
Did you try telnetting from outside your LAN too? Many routers are unable to do loopback connections and you will never be able to connect to your WAN address from the LAN side.
 
Nodsu said:
Did you try telnetting from outside your LAN too? Many routers are unable to do loopback connections and you will never be able to connect to your WAN address from the LAN side.


This is very true. In just about any instance where NAT is involved (this being one of them), you cannot telnet from the LAN side of the NAT to the WAN address of that network. Also, don't set a host to DMZ as well as have a port forwarded. Remove it as a DMZ host and have just TCP port 23 forwarded from the router to the internal host.

From there, on an external host, scan port 23 to see if it is open.
 
I have tried telnetting from outside the network. The router still sees the connection attempt to the WAN IP, but it seems to just kinda stop from there. Then in my telnet I get the "Could not open connection to the host, on port 23: connect failed". So it is my assumption that it is either the router, or the server. But I ruled out the server not connecting on port 23 because as I stated, I can connect from inside the network. I actually talked to Linksys and they say to power cycle it, but I truly doubt this will have any effect on the port forwards.
 
Does the server have the router set as its default gateway? If not, it will not function.

Also, double check to make sure you don't have overlapping forwards - and, remove it as a DMZ host first. Try resetting the router to default settings, then placing the forward rule in.
 
Well, I connected by remote desktop to a different computer there, then telnetted from there.

I went to the SCOADMIN tools network config. This is what I see:

Local host name: sco
IP ADDY: 192.168.2.99
netmask: 255.255.255.0
Broadcast Addy: 192.168.2.255
Domain Name: Candelaria.com

So I don't really see where the option for default gateway would be.
 
Routing setup maybe? Try the "route" command from a shell and see if you have a "default" or "0.0.0.0" entry.

Also, the telnet daemon on the server may be configured so that it accepts connections only from LAN. Usually such restrictions are done using hosts.allow and hosts.deny files in /etc
 
Well, they used to have an Instagate EX router, and when that was hooked up, the telnet worked just fine. Once that router went to crap, they moved to the Linksys WRT54G, and now telnet doesn't work. lol.
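
The default-gateway and `route` checks suggested in the replies above, as an added example that is not part of the original thread: it takes a routing table and reports whether the server can send a reply back to a given client, which is why LAN telnet can work while forwarded WAN telnet fails. The Linux-style `netstat -rn` column layout, both sample tables and the client addresses are constructed, and it assumes the router's port forward keeps the outside client's source address.

```python
import ipaddress

# Constructed samples (not output from the thread), Linux-style `netstat -rn`
# columns, for a server at 192.168.2.99 behind a router at 192.168.2.1.
NO_DEFAULT = """\
Destination     Gateway         Genmask         Flags Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     net0
127.0.0.0       0.0.0.0         255.0.0.0       U     lo0
"""
WITH_DEFAULT = NO_DEFAULT + \
    "0.0.0.0         192.168.2.1     0.0.0.0         UG    net0\n"


def parse_routes(text):
    """Return (network, gateway) pairs from Destination/Gateway/Genmask rows."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] == "Destination":
            continue
        dest = "0.0.0.0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(f"{dest}/{fields[2]}", strict=False)
        except ValueError:
            continue  # skip rows that are not IPv4 route entries
        routes.append((net, fields[1]))
    return routes


def reply_path(routes, client_ip):
    """Longest-prefix match for a reply to client_ip.

    Returns "direct" (same subnet), the gateway IP, or None when the
    server has no route back and the connection can never complete.
    """
    addr = ipaddress.ip_address(client_ip)
    matches = [(net.prefixlen, gw) for net, gw in routes if addr in net]
    if not matches:
        return None
    gateway = max(matches)[1]
    return "direct" if gateway == "0.0.0.0" else gateway


if __name__ == "__main__":
    for name, table in (("no default", NO_DEFAULT), ("with default", WITH_DEFAULT)):
        routes = parse_routes(table)
        for client in ("192.168.2.50", "203.0.113.10"):  # LAN and WAN clients
            print(f"{name:13} reply to {client:13} -> {reply_path(routes, client)}")
```
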
 