Hi everyone,
This question is not only for linux.

I try to audit network security of our company and I found it's realative easy to break into to router with default password via telnet.
Some router firmware even let me see obtain the username and password in seconds.
Just one thing, how can I get access to PCs behind those router?
My idea were simple, if I can put PC (one by one) to DMZ (or NAT) so I can push my penetration testing further. But I haven't found anyway to accomplish that 'cause I found no command to set DMZ settings. I tried a lot of different modems/firmwares but no luck. Google for Manuals but nothing I found were useful.
I know each firmware has its own command sets, all I need to know if it's possible to set up DMZ properly from telnet. Could you tell me how you do it with your own router? This will give me ideas of how to archive this?

Any help, comment would be appreciated.

That's really very very vague, don't quite understand what you're really after. Fundamentally you're doing some form of home brew penetration test? Well if you gain access to a firewall / router then you will obviously have a given level of control over all local networks and forms of connectivity through it which would be affected in some way (dropped, natted, rejected, encrypted, tunnelled etc...)

So you're asking "if it's possible to set up DMZ properly from telnet" Well firstly a DMZ takes MANY forms and architectures. Many people think a DMZ is merely a certain machine to which internet traffic is forwarded to by default, rather than ideally seperate network off of a firewall with various machines in it. As for telnet, well that's an obvious problem. Any device giving command line access in the level of environment you *appear* to be duscussing would support ssh, so that should always be used over telnet, and should certainly never be open on the internet side of any security device. as for default usernames - well that's human issues. You can't blame a router because the guy who configured it was stupid / lazy / ignorant. There are *very* few well known examples of vendors accidentally leaving in engineering back doors which were impossible to patch for, e.g. Checkpoint a few years ago, but that's a real rarity.

That' just general talk about the technologies you've mentioned though, I still don't understand what you actually mean in your question...

Yes, it's possible. You could either add a rule of your own to let your PC go further (since you're in the router already), or look at the existing rules, and set your PC to match the address/port.

Without knowing what kind of router/switch/firewall is in place, it's hard to say. Possible, since you say you've got the user ID/pw for the router....

You reckon he means getting administrative access over telnet? just that? hmm, maybe. I'd like to see anyone set up an entire DMZ with just telnet though... plugging patch leads in and rack mounting servers is a real bitch that way!

to cid_kewpie: I have had administrative access to router. I just don't know how to set up DMZ via telnet. It should be far more easier if I have http access to router, but I do not.
I want to access to PCs which are behind those router, so I could probe those PCs (doing a port scanning against those PCs), then pushing my penetration test further. I think single DMZ is good idea though NAT Virtual Server seems good too.
My issue is, I haven't find a way to set up DMZ via telnet.
Sorry for confusing you. I appreciate all your helps.

yeah... the point is "set up DMZ via telnet" doesn't make much sense... what do you actually *MEAN*??