I have a redhat box behind a Cisco PIX 506E. The redhat box has an application on it that local PC's telnet into to do certain things at work. The managers want to be able to complete some work at home. The easiest way in my opinion would be to statically NAT a public IP address to the local IP of the server and allow TELNET in thru the firewall. The telnet daemon asks for a username/password which would keep any unwanted vistors out.

Also, in this network, there is a slackware 10.2 box running as a proxy server. I would like remote access to this box via SSH and am contemplating doing so thru STATIC NAT and allowing SSH thru the firewall.

I am worring about DoS attacks on the servers. Is Static NAT a safe way to achieve remote access?

Is Static NAT a safe way to achieve remote access?
To some degree yes, but you are opening your LAN to remote access which significantly increases risk. If you take reasonable precautions then it can be done relatively safely. Putting the server in a DMZ is probably an even better solution. Ideally though, you should really think about setting up some kind of VPN access. That way users need to authenticate to the VPN before they even get a chance to send traffic to the LAN server.

I'd also highly recommend against using telnet, expecially on an un-encrypted connection. Sending things like logins in plain-text over the internet is a bad idea. Use SSH as a replacement instead.

I understand your point on the TELNET. If I have a server that runs of the TELNET daemon, how can I get that to use SSH. I have heard of things called a "SHUNNEL" but I am not to familiar with the concept.

You could do it that way by tunnelling telnet through some form of encryption tunnel (like SSH or SSL) but why not just run a SSH daemon *instead* of the telnet daemon?

The telnet daemon is provided by a different company and I have no control over it. What else do I need to do to have the telnet thru a tunnel?

As allready suggested: Run a vpn, that way the telnet-server is not accessible directly from the internet without logging on the vpn first and the telnet-session runs in an encrypted tunnel....
PopTop is relativeliy easy to set up, not the most secure vpn in the world but a hell of a lot better than running clear-text telnet-sessions in the open....