4. Detailed Directions
First, from a machine inside the firewall, telnet to a target machine
outside the firewall and log in.
Unless you are under Linux and will be using the proc filesystem (see
below), make sure your shell is an sh-style shell. I.e., if your default
shell is a csh variant, invoke telnet by:
    setenv SHELL /bin/sh; telnet machine.outside
After logging in, on the remote (outside) machine invoke the command:
Now break back to the telnet prompt on the local (inside) machine,
using ^] or whatever, and use the telnet shell escape command
! to invoke term:
    telnet> ! term -n on telnet >&3 <&3
That's it!
If you have a variant telnet, you might have to use some other file
descriptor than 3; easy to check using strace. But three seems to
work on all BSD-descendent telnet clients I've tried, under both SunOS
4.x and the usual Linux distributions.
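
Why the `>&3 <&3` redirection works at all, as an added example that is not part of the original HOWTO: the shell started by `!` inherits the client's open socket unless the client marked it close-on-exec. The socketpair standing in for the telnet connection, the function name `escape_reaches_socket`, and the placement of the socket on descriptor 3 are assumptions for illustration.

```c
/* Added example (not from the HOWTO): descriptor inheritance across
   fork/exec. A socketpair stands in for the telnet client's network
   socket, assumed to sit on descriptor 3 as the text describes. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if a shell exec'd by the "client" can write to the client's
   socket through fd 3, 0 if it cannot, -1 on setup failure.
   cloexec != 0 marks fd 3 close-on-exec first (the hardened client). */
int escape_reaches_socket(int cloexec)
{
    int sv[2];
    char buf[16] = {0};
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {                 /* child: plays the telnet client */
        if (sv[1] != 3) {           /* put the "network" end on fd 3 */
            dup2(sv[1], 3);
            close(sv[1]);
        }
        if (sv[0] != 3)
            close(sv[0]);
        fcntl(3, F_SETFD, cloexec ? FD_CLOEXEC : 0);
        /* the shell escape: a new program that tries to use fd 3 */
        execl("/bin/sh", "sh", "-c",
              "exec 2>/dev/null; echo hello >&3", (char *)NULL);
        _exit(127);
    }
    close(sv[1]);                   /* parent: plays the remote end */
    ssize_t n = read(sv[0], buf, sizeof buf - 1);   /* 0 means EOF */
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return n > 0 && strncmp(buf, "hello", 5) == 0;
}

int main(void)
{
    printf("inheritable fd 3:  %d\n", escape_reaches_socket(0));
    printf("close-on-exec fd 3: %d\n", escape_reaches_socket(1));
    return 0;
}
```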
Some telnet clients do not have the ! shell escape command. E.g., the
telnet client distributed with Slackware 3.0 is one such client. The
sources that the Slackware telnet client is supposedly built from
ftp://ftp.cdrom.com:/pub/linux/slackware-3.0/source/n/tcpip/NetKit-B-0.05.tar.gz
A simple solution is therefore to
obtain these sources and recompile them. This unfortunately is a task
I have had no luck with. Plus, if you are running from inside a SOCKS
firewall, you will need a SOCKSified telnet client anyway. To that
end, I was able to compile a SOCKSified telnet client from:
ftp://ftp.nec.com/pub/security/socks.cstc/socks.cstc.4.2.tar.gz
or, if you're outside the USA,
ftp://ftp.nec.com/pub/security/socks.cstc/export.socks.cstc.4.2.tar.gz
Alternatively, under Linux kernels up to 1.2.13, you can pause the
telnet with ^]^z, figure out its pid, and invoke:
    term -n on -v /proc/<telnetpid>/fd/3 telnet
This doesn't work with kernels after 1.3.x, which closed some
mysterious security hole by preventing access to these fd's by
processes other than the owner process and its children.