Thursday, August 12, 2010

Reverse Telnet by IP address

There are lots of pages out there detailing how to use your 2511 router or NM-16A/NM-32A for reverse telnet (ugh, I don't care for that term) duty.

Generally they end with each serial interface being associated with a TCP port on the router. The TCP port for each interface is the interface's "line number" + 2000.

So, if your NM-16A represents lines 33-48, you'd be able to access the console attached to the 3rd serial interface with "telnet <router> 2035".

While this is adequate for most labs where things get moved around a lot, I find it difficult to keep track of these port numbers in a long-term deployment, especially when there are multiple routers doing this job: because the same port range repeats on every device, you can't just map the device names in your services (files/NIS/LDAP) database.

My solution is to map each interface to a separate IP address, then create DNS records for every one of them. Actually, two DNS records for every interface: a permanent "A" record that names the terminal server and port (terminalserver4-port3.mydomain.com), and a "CNAME" record that names the managed device's console port (switch3-console). The CNAME points at the A record, so only the CNAME has to change when a device is moved to a different port.

Accessing each serial line by a unique IP address makes this possible, but it requires some address translation.  Here's the relevant configuration, assuming you've already got reverse telnet working:

Configure a loopback interface with a netmask roomy enough for all of your serial interface IPs:

interface Loopback0
 ip address 192.168.4.1 255.255.255.0
 ip nat inside
 ip ospf network point-to-point

This interface is "inside" from a NAT perspective. The point-to-point line is required because without it, OSPF always advertises a loopback interface as a host route with a 32-bit mask, and the rest of the /24 would never be reachable from the network. Skin that cat however you see fit.

Next, set your Ethernet interface for NAT outside:

interface Ethernet0
 ip nat outside

Now, set up the NAT rules to forward incoming connections. The connections arrive on unique IPs, all on port 23 (no SSH support on my router), and are forwarded to the loopback interface on the unique per-line TCP port:

ip nat inside source static tcp 192.168.4.1 2033 192.168.4.11 23
ip nat inside source static tcp 192.168.4.1 2034 192.168.4.12 23
ip nat inside source static tcp 192.168.4.1 2035 192.168.4.13 23
ip nat inside source static tcp 192.168.4.1 2036 192.168.4.14 23
ip nat inside source static tcp 192.168.4.1 2037 192.168.4.15 23
ip nat inside source static tcp 192.168.4.1 2038 192.168.4.16 23
ip nat inside source static tcp 192.168.4.1 2039 192.168.4.17 23
ip nat inside source static tcp 192.168.4.1 2040 192.168.4.18 23
ip nat inside source static tcp 192.168.4.1 2041 192.168.4.19 23
ip nat inside source static tcp 192.168.4.1 2042 192.168.4.20 23
ip nat inside source static tcp 192.168.4.1 2043 192.168.4.21 23
ip nat inside source static tcp 192.168.4.1 2044 192.168.4.22 23
ip nat inside source static tcp 192.168.4.1 2045 192.168.4.23 23
ip nat inside source static tcp 192.168.4.1 2046 192.168.4.24 23
ip nat inside source static tcp 192.168.4.1 2047 192.168.4.25 23
ip nat inside source static tcp 192.168.4.1 2048 192.168.4.26 23

To connect to the 5th serial interface, I'd telnet to 192.168.4.15.
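The mapping above (line number + 2000 for the TCP port, one loopback-subnet address per line, an A record per port and a CNAME per managed device) is easy to get wrong by hand once there are several terminal servers. The script below is an added example, not part of the original post and not a Cisco tool: it generates the IOS NAT statements and the zone-file records from the line range and loopback subnet, and refuses to emit a mapping when the loopback mask is not "roomy enough". The names terminalserver4, mydomain.com and switch3 come from the post; the host offset (.11 for the first line), the consecutive numbering of lines, and the function names are assumptions.

```python
"""Generate per-line static NAT and DNS records for a reverse-telnet terminal
server.  Added example following the post's scheme; not the post's own code."""
import ipaddress


def line_to_tcp_port(line):
    """Reverse-telnet TCP port for an async line: line number + 2000."""
    return 2000 + line


def build_mappings(first_line, line_count, loopback_cidr, first_host):
    """Map each async line to its TCP port and its dedicated loopback-subnet IP.

    loopback_cidr: the loopback's address and mask, e.g. "192.168.4.1/24".
    first_host:    host number used for the first line (the post uses .11 for
                   line 33, the first port of its NM-16A) - an assumption here.
    Returns a list of dicts with line, port (1-based port on the module),
    tcp_port and ip.  Raises ValueError when the subnet cannot hold them all.
    """
    iface = ipaddress.ip_interface(loopback_cidr)
    net = iface.network
    mappings = []
    for idx in range(line_count):
        line = first_line + idx
        ip = net.network_address + first_host + idx
        # Every per-line address must be a usable host inside the loopback's
        # subnet; otherwise the NAT entry can never be reached via the route
        # OSPF advertises for Loopback0.
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            raise ValueError(
                f"{ip} for line {line} does not fit in {net}; widen the loopback mask")
        # The loopback's own address is the NAT inside-local side; reusing it
        # as a per-line address would shadow the router's own ports.
        if ip == iface.ip:
            raise ValueError(f"line {line} would reuse the loopback address {ip}")
        mappings.append({"line": line, "port": idx + 1,
                         "tcp_port": line_to_tcp_port(line), "ip": str(ip)})
    return mappings


def nat_config(loopback_cidr, mappings):
    """IOS lines: per-line IP on port 23 -> loopback on the line's TCP port."""
    loopback = ipaddress.ip_interface(loopback_cidr).ip
    return [f"ip nat inside source static tcp {loopback} {m['tcp_port']} {m['ip']} 23"
            for m in mappings]


def dns_records(ts_name, domain, mappings, consoles):
    """Zone-file lines: a permanent A record per terminal-server port plus a
    CNAME for each managed device's console.  consoles maps a line number to
    the device name attached to that line (constructed sample input)."""
    records = []
    for m in mappings:
        a_name = f"{ts_name}-port{m['port']}.{domain}."
        records.append(f"{a_name} IN A {m['ip']}")
        device = consoles.get(m["line"])
        if device:
            records.append(f"{device}-console.{domain}. IN CNAME {a_name}")
    return records


def console_for_ip(mappings, ip):
    """Troubleshooting helper: which line and TCP port a connection to a
    per-line address is translated to."""
    for m in mappings:
        if m["ip"] == ip:
            return m["line"], m["tcp_port"]
    raise KeyError(f"{ip} is not a per-line address")


if __name__ == "__main__":
    # Constructed sample: the post's NM-16A on lines 33-48, Loopback0 as /24.
    maps = build_mappings(33, 16, "192.168.4.1/24", 11)
    for stmt in nat_config("192.168.4.1/24", maps):
        print(stmt)
    for rec in dns_records("terminalserver4", "mydomain.com", maps, {35: "switch3"}):
        print(rec)
```

Run with a /28 instead of a /24 and build_mappings raises instead of silently producing addresses outside the advertised subnet. One thing the script cannot hide: the static NAT entries add a second way in, they do not remove the first, so "telnet <router> 2035" against the loopback (or any other router address) keeps working alongside the per-line IPs and should be accounted for in whatever access-lists guard the terminal server.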
