• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 319
  • Last Modified:

Routers / Port Forwarding / NAT / SBS / Static IP - a question about all of that!

I was working with another guy at our church who set up the network there.  I'd like to get your opinion on what he told me.

Background: It's a network with a single nic sbs box, NOT being used for email.  It does the DHCP for the network of about 5 PCs.  The router is a consumer grade blue linksys router (with LAN IP of 192.168.1.1).  They have STATIC DSL.

We got into a discussion on changing things on the network.  He said that 1 person remotely accesses the info on the server (it has the IP of 192.168.1.110) via Telnet!?  I clarified - not RWW, not logmein or gotomypc... telnet he said.

Looking at the router interface briefly - I saw the static IP hard coded on the router.  DHCP on the LAN side was turned off.  There were NO port forwardings set up on that page and the DMZ page said 'disabled'.

So with a static public IP, is there any way they are remotely getting into the server via telnet with the screens set up the way I described?  Again, single nic server and that has an IP of 192.168.1.110 and another machine on the network has 192.168.1.103.

I will push it with 'when was the last time they connected' and how do they connect, etc..... but I want to make sure I am right - from what I saw, no one can get in remotely via telnet?

it's something like a BEFSR41 or similar type of router.
0
babaganoosh
Asked:
babaganoosh
  • 2
  • 2
  • 2
  • +1
5 Solutions
 
that1guy15Commented:
Two things would be needed to get a telnet session connected through the router to the internal server

1)the router would need port forwarding/ NAT set up to forward all telnet request to that server.
2) the router will also need to allow telnet traffic from outside to inside. usually will ACLs and for specific ranges of public IPs.

If these two are not set up then he is not able to telnet directly to the server by using the public IP. The only other way i can see this happening is if he is telneting to another server then over to the SBS server. But even with that the 2 statements above would still need to be true for the other computer.

i would test this or have him show you.
0
 
Justin_W_ChandlerCommented:
You are correct -- unless that server's IP address is specified as the DMZ, or unless incoming connections on port 23 (Telnet) are forwarded to it, they should not be able to connect to that server at all with Telnet.Check the router to see if there are any pages that contain pre-set filters/forwards that may be handling the forward. If not, then you are most certainly right in saying they are not actually connecting via Telnet.
0
 
babaganooshAuthor Commented:
yeah, I have to have him show me.  I hate 2nd hand info (he's telling me what someone else is doing).  and in a church / volunteer situation, loads of people likely touched things and things change over time but the info doesn't get back to all the people.

0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
suppsawsCommented:
Hello babaganoosh,

look, the telnet thing is a total no-go on an sbs network.
I gues he doen't know that much about sbs to begin with, I'll give you some basic info:
For all your remote acces questions:
http://sbs.editme.com/Remoteaccess
and escpecially:
http://www.unixwiz.net/techtips/sbs-remote-access.html
If you have a fixed external ip you should use exchange, instead of disabling it.
create an a record at your dns provider mail.yourdomain.com and point to your external ip.
rerun the connect to the internet wizard and make the correct certificate with that FQDN.
I guess the whole SBS is setup the wrong way, please read this:
http://sbs.editme.com/getstarted

Regards,

suppsaws
0
 
suppsawsCommented:
babaganoosh,

another thing; the best way to take over an sbs for admin purposes is via RWW at httpS://FQDN/remote
forward port 443 and 4125 to the sbs and you are set.
read all tutorials I provided you in the past links.

suppsaws
0
 
Justin_W_ChandlerCommented:
I just thought of something. Perhaps he means that Telnet is used to configure the Router itself, and not the server. Check to see if remote management is enabled in the router and if so, does it support telnet configuration.
0
 
babaganooshAuthor Commented:
as with most volunteer things, this is off the table now with other issues more pressing.  thanks for your thoughts!
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 2
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now