- 01-30-2008 #1 Just Joined! (Join Date: Jan 2008, Posts: 3)
Specify SOURCE port for SSH
Hi,
I've set up sshd on a remote server to listen on port 2222. This setup worked fine until my client had a new router (with VOIP capabilities).
I've managed to set up port forwarding for ssh but I've got a problem: the router's firewall/port forwarding setup would not allow me to specify that ANY SOURCE port could connect (like on the old router). It would only accept a single source port, so I chose 2222 again.
Unfortunately I can't seem to find a way of specifying the source port (I know the source port is normally randomized in some way) I want to use when connecting to this server using ssh or putty.
I hope this makes sense
and any help will be appreciated.
- 01-31-2008 #2
I'm a bit confused. You mean to specify which port you want to connect to when you connect via ssh?
Or am I misunderstanding?
Code:
ssh -p PORT ...
DISTRO=Arch
Registered Linux User #388732
- 01-31-2008 #3 Just Joined! (Join Date: Jan 2008, Posts: 3)
Hi Cabhan,
It confuses me too!!
The firewall will only forward connections to DESTINATION port 2222 on the server if the OUTGOING port number on the remote machine requesting the connection is also 2222.
I could have defined any valid port number for this outgoing port number in the firewall setup, e.g. 9999, but the software wouldn't allow me to use ANY/ALL (source port), which is the norm.
If I remember correctly the outgoing port number is normally a randomly generated number above 1024, but I obviously need to use a specific one (i.e. 2222 or 9999 for instance).
- 01-31-2008 #4
Originally Posted by morleyrees
I'd check with the documentation and/or support for that firewall. It seems like you should be able to at least specify a range. If not, it's pretty odd, as you'd have serious problems with virtually any client connection -- they generally use random, high numbered ports.
edit: Also be sure you're using the right functionality for its purpose. It sounds a bit like you may be using port forwarding for something it wasn't intended for.
- 01-31-2008 #5 Linux Guru (Join Date: Nov 2007, Posts: 1,695)
Ditto what Anomie said...
I've never seen a web-interface-consumer router/firewall that allowed (let alone required) setting a source port for an incoming connection.
What's the documentation for the router say?
- 01-31-2008 #6
That certainly is rather strange. Check the documentation, as has been said, or maybe try Googling around to see what other people have to say.
DISTRO=Arch
Registered Linux User #388732
- 01-31-2008 #7 Just Joined! (Join Date: Jan 2008, Posts: 3)
Thanks for the replies
It's the first time I've come across this too. I've used port forwarding on numerous occasions before for vnc, ssh, torrents etc. with no (major) problems.
When I've tried changing the allowable port ranges to ALL (it's actually 2 boxes, one for the lower port number and one for the upper port in the range) it then changes the forwarded ports to the same value.
So, for instance, if I stated that the source ports can be 0..65535(?) it then mirrors these changes in the destination ports.
I hope my explanation is clearer than mud
I'll go back to the book for now.
- 01-31-2008 #8 Linux Guru (Join Date: Nov 2007, Posts: 1,695)
Does the field show FROM and TO? And you are putting in something like 2000-2222 in the FROM and it's getting duplicated in the TO box?
If so, this is the destination range - FROM port X TO port Y. IE, if you needed ports 5000 to 5005 forwarded. If only one port, the "range" is 5000 to 5000.
This is not a source/destination entry, only the range of ports to be forwarded.
Again, I am guessing on what you are seeing and what you are entering. The manual (or HELP in the web GUI, if it has one) would clarify.


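Added illustration, not part of the thread and not any poster's code: the source port discussed in posts #3 and #4 is normally picked by the client's OS, and a client pins it by calling bind() before connect(). The sketch shows both cases against a loopback listener; the helper names, the loopback address and the port picked for the demo are assumptions made for this example.

```python
import socket

LOOPBACK = "127.0.0.1"  # demo only: everything stays on the local machine


def make_listener():
    """Throwaway TCP listener on an OS-chosen destination port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((LOOPBACK, 0))
    srv.listen(5)
    srv.settimeout(5)  # never hang if a connection does not arrive
    return srv


def pick_free_port():
    """Ask the OS for a currently unused TCP port (constructed demo value)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((LOOPBACK, 0))
        return s.getsockname()[1]


def connect_from(srv, bind_port=None):
    """Connect to srv and return (client_local_port, port_seen_by_server).

    bind_port=None: the OS assigns an ephemeral source port (the usual case).
    bind_port=N:    the client socket is bound to N first, pinning the source.
    """
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Lets the pinned port be re-bound while an old connection is in TIME_WAIT.
    cli.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        if bind_port is not None:
            cli.bind((LOOPBACK, bind_port))  # raises OSError if the port is taken
        cli.connect(srv.getsockname())
        conn, peer = srv.accept()            # peer = (address, source port)
        conn.close()
        return cli.getsockname()[1], peer[1]
    finally:
        cli.close()


if __name__ == "__main__":
    listener = make_listener()
    print("ephemeral source port:", connect_from(listener))
    fixed = pick_free_port()
    print("pinned source port:   ", connect_from(listener, fixed))
    listener.close()
```

A pinned source port allows only one live connection at a time to a given destination address and port, which is why clients normally leave the choice to the OS.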