It's a Thomson router, nothing special.
Elixer - but what if I telnet'd from a host on my LAN to the public address of my router? I'm not quite sure how NAT works.. but I'm guessing both private and public IP are stored on different interfaces of my router.
So doing the above would be secure as I am not going beyond my LAN right? (I don't care about hosts on the LAN being able to see traffic)
Yes.
Remember, it's all software in the end. How this works is, packets arrive on an interface. The chip on that interface (ethernet chip, the DSL chip, cable, whatever) just receives bits from the wire. It copies those bits into memory. And then it signals the CPU that a new packet has arrived. The CPU's interrupt handler puts that packet into a queue. And sets a flag that a new packet has arrived.
On the CPU a bunch of processes will be running. One of them takes packets out of the queue and examines them. There are 2 things it can do: 1) forward the packet to another router, or 2) accept the packet for yourself. First thing it does is: look at the destination address, and look it up in the routing table. In the routing table, it sees that the destination is actually directly connected. And even more special: it's destined for the router itself. The process will queue the packet in yet another queue, where another process will take care of it. E.g. it will put your telnet packet in the queue for TCP processes.
If the packet was not destined for the router itself, it will actually have found, in the routing table, the next hop and outgoing interface. It will encapsulate the ip-packet with a new layer-2 header, stick it in the output queue for the outgoing interface, and signal the outgoing interface that it has yet another packet to send out.
I hope this wasn't too complicated. It's pretty straight-forward. The point I was trying to make is: if a packet is destined to a particular device, once it reaches that device, it will not leave again.
There are exceptions, of course. High-end routers have chips (per interface or per linecard) that do all the forwarding. The CPU will never see the packet, unless the packet is destined for the router itself. Some routers will process packets destined for itself in process in user-space. Some will do it in the kernel. All depends on internal implementation. But once thing is true: those packets will not leave the router again.
I know that in some implementation, if you ping your own ip-address on a serial (point-to-point) interface, the router will send a packet out that interface, hoping it receives it back. This is done so that pinging your own interface allows you to check it the point-to-point link is up. However, this only works for ping. And not other protocols (like TCP, which is used by telnet).
BTW, if you are worried about security, it might be better to switch telnet off. And only use ssh. Ssh uses encryption. Not only during authentication, so you don't see clear-text passwords on the wire. But also to encrypt the content. I use Putty to do ssh from a windows-box.
Facebook
Twitter