Nille-as asked:

How do I open port 22 through the firewall?

I have a Cisco firewall and am using NAT. I have an official internet address on the outside interface and an Ubuntu server on the inside interface. I have configured NAT and security rules.

The problem is: when I open port 80, I am able to connect to the Ubuntu machine from outside. However, when I try port 22 (SSH) it will not pass through. If I move the Ubuntu machine to a DMZ, all ports work. It seems that the lower ports on the inside interface are blocked whatever I try to do.

I need help enabling port 22 on the inside interface.

Last comment: Nille-as, 8/22/2022 - Mon
shroomduck

http://www.ciscopress.com/articles/article.asp?p=25342

Read through the pages; it takes you step by step. Enjoy =)
ASKER
Nille-as

Thanks for the reply. :)

I am not looking for how to enable SSH on the firewall itself. I am looking for a solution for how to let the firewall open up for traffic on port 22 from the outside to the inside interface. I am able to open a lot of ports, but not port 22. It seems there is a default setting on the inside interface to make it more secure, and even if I open port 22 in the security rule, it will not let it through to the server on the inside interface.

I want to use SSH from an outside computer to an Ubuntu server on the corp network. It is not an option to have the server on a DMZ.
shroomduck

For an even more secure solution, why not set up your own personal VPN connection, enable port 22 on the inside of the firewall, tunnel in and SSH from inside? A much more secure idea than opening up a server to brute force and the like.
karwak

If you set up an access-list and the corresponding static, there shouldn't be any reason for it not to work.

Where xxx.xxx.xxx.xxx is your outside IP and yyy.yyy.yyy.yyy is your inside host's IP:

! permit TCP/22 from any outside host to the public (outside) address
access-list from_outside extended permit tcp any host xxx.xxx.xxx.xxx eq ssh
! bind that ACL inbound on the outside interface (the name must match the access-list exactly)
access-group from_outside in interface outside
! static port translation: outside address port 22 -> inside host port 22
static (inside,outside) tcp xxx.xxx.xxx.xxx ssh yyy.yyy.yyy.yyy ssh netmask 255.255.255.255

I would also check if there's any fixup configured...
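As an added example (not from karwak's post or from any Cisco tool), here is a small Python checker for the two configuration slips that most often leave a PIX/ASA port forward silently dead: an access-group that names an ACL which is never defined (a one-letter typo is enough), and a static whose public address and port have no matching permit in the ACL bound to the outside interface. The addresses and the config text are constructed for the demonstration.

```python
import re

# Constructed PIX/ASA-style config fragments (addresses are documentation ranges).
# CFG_TYPO binds "from_ouside" while the ACL is named "from_outside"; CFG_FIXED
# is the same config with the name corrected.
CFG_TYPO = """
access-list from_outside extended permit tcp any host 203.0.113.10 eq ssh
access-group from_ouside in interface outside
static (inside,outside) tcp 203.0.113.10 ssh 192.168.1.20 ssh netmask 255.255.255.255
"""
CFG_FIXED = CFG_TYPO.replace("from_ouside", "from_outside")

# Cisco service keywords that may stand in for numeric ports in these commands.
SERVICE_PORTS = {"ssh": 22, "telnet": 23, "www": 80, "http": 80, "https": 443}

def port(tok):
    """Map a Cisco service keyword or numeric port string to an integer."""
    return int(tok) if tok.isdigit() else SERVICE_PORTS[tok]

def check_forwarding(cfg):
    """Return a list of problems that would stop the inbound port forwards working."""
    acls, bound, statics = {}, {}, []
    for line in cfg.strip().splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and "permit" in t:
            # access-list NAME extended permit tcp any host DST_IP eq PORT
            m = re.search(r"permit tcp \S+ host (\S+) eq (\S+)", line)
            if m:
                acls.setdefault(t[1], set()).add((m.group(1), port(m.group(2))))
        elif t[:1] == ["access-group"]:
            # access-group NAME in interface IFACE  -> remember which ACL guards IFACE
            bound[t[4]] = t[1]
        elif t[:1] == ["static"]:
            # static (inside,outside) tcp GLOBAL_IP GPORT LOCAL_IP LPORT netmask MASK
            statics.append((t[3], port(t[4]), t[5], port(t[6])))
    problems = []
    for iface, name in bound.items():
        if name not in acls:
            problems.append(f"access-group on {iface} references undefined ACL {name!r}")
    outside_acl = acls.get(bound.get("outside"), set())
    for gip, gport, lip, lport in statics:
        if (gip, gport) not in outside_acl:
            problems.append(f"static {gip}:{gport}->{lip}:{lport} has no permit "
                            "in the ACL bound to the outside interface")
    return problems

if __name__ == "__main__":
    for label, cfg in (("typo", CFG_TYPO), ("fixed", CFG_FIXED)):
        print(label, check_forwarding(cfg) or "OK")
```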
ahman_ra

Does your firewall allow UPnP?   This is how I made something similar work for me.  Just setting this option to true on the firewall.  As I understand it, it will open ports for services that are signaling that they are awaiting something from the internal side.  We used smoothwall at my former work.  It was a checkbox in there.
ASKER CERTIFIED SOLUTION
Nille-as
