If your router is running Linux, and has NetFilter extensions compiled into the kernel, and if the iptables binary and required support libraries are present on the router, AND you can gain shell access or run shell commands with sufficient privilege to run iptables, then this should be possible, yes.Originally Posted by vvpalin
Not including a normal Linux PC (which could be used to create a router system) the routers that natively fulfill this requirement would usually be ones based on a custom firmware like OpenWrt. I have an OpenWrt based router at home upon which I run a custom firewall script using iptables.
For the OP, you would need all of the above conditions in place before you could use the iptables method to perform port forwarding. Telnet isn't the only method you could use to run the iptables commands, you could also connect via ssh, or exploit a service to gain shell access/run commands.
Whether there are other methods to achieve what you want to achieve of course depends on what systems are present on your network, how they are configured and what access you have to them. Thats (one of the reasons) why I asked about that in my original post.
In a traditional home based setup where the router connects to the ISP, your internal systems connect to the router and the external router interface has the only non private IP address assigned, you wont be able to perform port forwarding without either changing the configuration of the router or having access to a system connected between the external interface of the router and the system on the Internet from which you want to "port forward". Most people are not going to have this access, so changing the configuration of the router is probably the only method for you to use.
The most straightforward method (and really the method you should be using) is to just login via the routers web interface and change the configuration from there. If you have forgotten your password just use the factory reset button on the router.
Is there some reason why you don't want to use the web interface to configure this?
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
Thank you lupin for that wonderful post, personally and im sure you knew this im just looking to play around, there is no reason i cant http in and change the settings, however doing it via ssh while im away would be a godsend. Much better than opening web axx to the outside world.
Thanks
Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.
Do what I do, vpn.
Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69
The "Is there some reason why you don't want to use the web interface to configure this? " comment was actually directed at the OP, I realised you were just asking out of interest
I probably didn't make that very clear...
And Barry's suggestion of using a vpn if you want to change router settings remotely is a good one. I personally wouldn't open ssh out to the Internet unless I had very good authentication (better than root:root) and was willing to monitor my logs very closely. A vpn using IPSec is better (if only because there wont be as many automated password guessers checking your system), however you probably still want to use strong authentication...
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
*pisst* *pisssst* hey you *pisst* you should reverse the characters of the password, nobody will ever figure it out.
Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".
You want to see somthing fun, open up ssh and watch your firewall logs. Those Chinese guys are persistant!
Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69
Posting Permissions
