Firewall Wizards mailing list archives

Interesting Telnet scenario


From: "Bowden, Kevin" <bowden_kw () nns com>
Date: Wed, 8 Sep 1999 07:04:26 -0400

I have a requirement for clients in my network to Telnet to a server outside
the network for password changing on the remote server.  (This is an
application password and is for that particular server, it is not their
network password.)  The requirements of the Telnet session are that the
SOURCE PORT of the Telnet session be a given port (XXXXX).  How can I make
this work through Gauntlet?  If I use the proxy, I cannot control the source
port of the session.  If I use a packet filter (forward w/ replies) I reveal
internal address numbers.  I think if I use packet filters with the absorb
option I will still lose the mandatory source port as the proxy will again
take over.  I thought of having the users telnet to an intermediate server
or the firewall and then connect to the remote server, but how can I force
this Telnet session to use a particular source port manually - I know I can
tell it to use a particular destination port, but a source port?  Please
feel free to correct any bad assumptions above or to provide "Basic
Training" if it is appropriate.  TIA!   (Solaris 2.6 / Gauntlet 5.0)

Kevin W. Bowden
Firewall Administrator
Dept. O02 - Information Security
757-688-3498 voice
757-688-7063 fax
bowden_kw () nns com
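
The source-port behaviour the post asks about, as an added example that is not part of the original message and is not Gauntlet code: a TCP client fixes its source port by calling bind() before connect(), while a connection opened without bind(), as when a proxy originates its own outbound session, gets whatever ephemeral port the OS picks. Assumptions: a loopback listener stands in for the remote Telnet server, and a free port chosen at run time stands in for the post's port XXXXX; all function names are hypothetical.

```python
import socket

LOOPBACK = "127.0.0.1"

def free_port():
    """Constructed stand-in for the post's port XXXXX: any currently unused local port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        probe.bind((LOOPBACK, 0))
        return probe.getsockname()[1]

def connect_from(dest, source_port=None):
    """Connect to dest; if source_port is given, pin it with bind() before connect()."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if source_port is not None:
        # Allows rebinding the fixed port while an earlier connection is in TIME_WAIT.
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((LOOPBACK, source_port))
    s.connect(dest)
    return s

def peer_port(listener):
    """Return the source port the server side sees for the next queued connection."""
    conn, (_, port) = listener.accept()
    conn.close()
    return port

def demo():
    """Return (required port, port seen with bind, port seen without bind)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind((LOOPBACK, 0))         # stands in for the remote Telnet server
        listener.listen(2)
        dest = listener.getsockname()
        fixed = free_port()
        pinned = connect_from(dest, fixed)   # client that controls its own source port
        seen_pinned = peer_port(listener)
        default = connect_from(dest)         # no bind(): the OS assigns an ephemeral port
        seen_default = peer_port(listener)
        pinned.close()
        default.close()
    return fixed, seen_pinned, seen_default

if __name__ == "__main__":
    fixed, seen_pinned, seen_default = demo()
    print(f"required {fixed}: pinned client seen as {seen_pinned}, unbound as {seen_default}")
```

Only one connection to a given server address and port can hold the fixed source port at a time, so a second concurrent client behind the same source address fails at bind() or connect().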