Reverse Telnet

2017-11-03 09:05:03

When a user telnets to a router, she is "logged on" directly to the router. Cisco adds a special twist: if you telnet to a special port on the router, the router redirects the incoming telnet connection back out a selected asynchronous line, rather than internally accepting the incoming connection. This is called reverse telnet . Here are two telnet commands you might give on your Unix or Windows workstation:

% telnet router1 Telnet directly into router1 % telnet router1 2001 Telnet to port 2001 on router1

The first telnet command connects to the standard telnet port (TCP port 23; remember that we're now talking about TCP ports, not the router's physical ports) and initiates a virtual terminal session with the router. The second command is tricky. It connects to TCP port 2001; the router maps this port to one of its asynchronous lines. The router performs any login requirements, then connects the telnet session to the mapped line. The mapping is simple: just subtract 2000 from the port used for the telnet connection. So in this example, the user would be connected to asynchronous line 1 (tty1). Line 2 (tty2) would be 2002, and so on. If a modem is connected to tty1, the user would be talking directly to the modem.

The only catch to this mapping is the AUX port. The number of the AUX port is the last TTY port, plus 1. So, on a router with 18 TTY ports, the AUX port would be port 2019 (the last TTY, port 2018, plus 1). On a router with no TTY interfaces, the AUX port would be port 2001.

In addition to port 2000, ports 4000 and 6000 can be used. Port 4000 plus the tty1 gives you a raw TCP port, which is usually for sending data directly to a printer. On port 2000, each carriage return is translated into a carriage return plus a linefeed. Port 6000 is just like port 2000, except it turns off the carriage-return translation.

Reverse telnet requires that the TTY line be configured to allow outbound connections. Here's how you do this:

Router(config)#line tty2 Router(config-line)#modem inout

The modem inout command allows both incoming and outgoing connections. Another way to configure the line is:

Router(config)#line tty2 Router(config-line)#modem callout

The modem callout command allows only outgoing connections.

Another useful command for reverse telnet is ip alias. This command lets you assign an IP address to a reverse telnet connection. In other words, the router associates an IP address with a reverse telnet port. If you telnet to this address, the router will connect you directly to the specified port. For example, assume that a router has an Ethernet interface with an address of 10.1.1.1. The following commands configure it to route incoming telnet connections for the addresses 10.1.1.2, 10.1.1.3, and 10.1.1.4 to asynchronous ports 1 through 3:

interface ethernet0 ip address 10.1.1.1 255.255.255.0 no shutdown ! ! Now configure our reverse telnet IP address ip alias 10.1.1.2 2001 ip alias 10.1.1.3 2002 ip alias 10.1.1.4 2003

Now, when you telnet to 10.1.1.2, you will be connected to the device that is connected to port 1.

Категории