Solved

How to redirect ssh traffic on 2022 to port 22

Posted on 2006-07-19
15
1,178 Views
Last Modified: 2008-01-09
I need to redirect ssh on port 2022 from a public IP to an internal IP listening on port 22.  Currently, I have ssh setup for administration of the firewall.
0
Comment
Question by:cisco_2k2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 3
  • +1
15 Comments
 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 17142598
What kind of firewall, what kind of router?
0
 
LVL 5

Expert Comment

by:Dbergert
ID: 17142635
looks like yuou need to setup port forwarding.... what type of firewall is it ?

baiscall you need to NAT public IP : 2022 to internal ip : 22
0
 

Author Comment

by:cisco_2k2
ID: 17142645
The firewall is an ASA 5510
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 17142684
If you redirect ssh to an internal device on port 22, you will no longer be able to manage the firewall with ssh.  Does that matter?
0
 
LVL 5

Expert Comment

by:Dbergert
ID: 17142689

You will want to put a command similar to:

static (inside,outside) tcp [external IP] 2022 [internal ip] 2022 netmask 255.255.255.255 0 0

     also, if you have an existing access list you will need something like

access-list [number of acl] permit tcp any host [external ip] eq 2022
0
 
LVL 5

Expert Comment

by:Dbergert
ID: 17142699
opps:"

static (inside,outside) tcp [external IP] 2022 [internal ip] 2022 netmask 255.255.255.255 0 0

should be

static (inside,outside) tcp [external IP] 2022 [internal ip] 22 netmask 255.255.255.255 0 0
0
 

Author Comment

by:cisco_2k2
ID: 17142830
Will I need to remove my existing ssh for the firewall administration to make this work?
0
 
LVL 5

Expert Comment

by:Dbergert
ID: 17142852
you really shouldn't... but lets see.

you already have port 22 (ssh) open for firewall adminsitartion from the internet correct ?

you want to to configure port 2022 to redirect to an internal box (linux?)  ssh.

so if yoiu connect to exteranl ip : 22  you hi the ASA  
if you connect to 2022 you hit the internal linux box.

if you redirected 22 to 22 then you would have problems, but you are using a alt. port for the other ssh.

make sense ?
0
 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 17142911
Remove my stupid comment completely.  It should not cause any problems with the admin SSH.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17143653
Couple of modifications for Port Forward to work;

static (inside,outside) tcp interface 2022 [internal ip] 22 netmask 255.255.255.255 0 0

access-list [number of acl] permit tcp any host interface outside eq 2022

access-group [number of acl] in interface outside

Cheers,
Rajesh
0
 

Author Comment

by:cisco_2k2
ID: 17151020
After entering the following:
access-list [number of acl] permit tcp any host interface outside eq 2022

I am getting an error for the "interface" part of the string.  This is an ASA 5510 device.
0
 
LVL 5

Expert Comment

by:Dbergert
ID: 17151253
did you try the external IP ?
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 500 total points
ID: 17151334
access-list [number of acl] permit tcp any interface outside eq 2022

Enter this and see ? I mean, omit the host part.

Cheers,
Rajesh
0
 

Author Comment

by:cisco_2k2
ID: 17151463
That worked. Thanks!
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17151467
No Problemo :-)

Cheers,
Rajesh
0

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Map all network 11 93
DNS issue. Can't add a server to a domain 23 207
Active Directory permissions 5 45
Cisco Nexus 9372 port channel 3 45
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question