HOW TO: Configure the Digi TransPort Firewall to Allow Alternate SSH and Other Management Ports for External Access

With the standard rule in place, which allows SSH on port 22, you may see several external connection attempts in the Event Log similar to the following:

    15:58:28, 15 May 2014,GP socket connected: 192.168.1.1:22 -> ###.###.###.###:5286


These messages may indicate malicious connection attempts. Digi TransPort routers also listen for the standard services on the corresponding 8000-range port numbers, for example 8022 (SSH), 8080 (HTTP) and 8443 (HTTPS).

To configure the Digi TransPort firewall so that SSH is reached on port 8022 instead of the standard port 22, add the following to the firewall rules:

    pass in break end proto tcp from any to any port=8022 flags S!A inspect-state

The firewall hit counter under the Security > Firewall menu shows which rules are being hit. Connections that fall through to the last rule in the default firewall rule set are blocked and logged to fwlog.txt by that rule:

    block log break end


With the rule above in place, the firewall blocks the attempt on port 22, so it never appears in the Event Log. Instead it shows up under Management - Network Status > Firewall Trace (fwlog.txt). The following is an example of a blocked SSH connection attempt:

    -----   15-5-2014 13:10:24   ------
    FW LOG   Dir: IN   Line:21   Hits: 599   IFACE: PPP 1
    Source IP: ###.###.###.###   Dest IP: 192.168.1.1  ID: 27424   TTL: 232   PROTO: TCP (6)
    Src Port: 5286   Dst Port: 22
    block log break end
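As an added example (not part of this Digi article), the following Python script parses fwlog.txt trace entries in the layout shown above and counts blocked inbound hits on the standard management ports per source address, which is a quick way to confirm that attempts on port 22 are now stopped by the block rule instead of reaching the Event Log. The sample entries and source addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample of fwlog.txt entries in the layout shown above (not a real capture).
SAMPLE_FWLOG = """\
-----   15-5-2014 13:10:24   ------
FW LOG   Dir: IN   Line:21   Hits: 599   IFACE: PPP 1
Source IP: 203.0.113.10   Dest IP: 192.168.1.1  ID: 27424   TTL: 232   PROTO: TCP (6)
Src Port: 5286   Dst Port: 22
block log break end
-----   15-5-2014 13:12:41   ------
FW LOG   Dir: IN   Line:21   Hits: 600   IFACE: PPP 1
Source IP: 203.0.113.10   Dest IP: 192.168.1.1  ID: 27425   TTL: 232   PROTO: TCP (6)
Src Port: 5287   Dst Port: 443
block log break end
-----   15-5-2014 13:15:03   ------
FW LOG   Dir: IN   Line:21   Hits: 601   IFACE: PPP 1
Source IP: 198.51.100.7   Dest IP: 192.168.1.1  ID: 27426   TTL: 51   PROTO: TCP (6)
Src Port: 40122   Dst Port: 22
block log break end
"""

# One trace entry = timestamp header, FW LOG line, IP line, port line, matched rule line.
ENTRY_RE = re.compile(
    r"-----\s+(?P<ts>[\d-]+ [\d:]+)\s+------\s*\n"
    r"FW LOG\s+Dir:\s*(?P<dir>\w+)\s+Line:\s*(?P<line>\d+)\s+Hits:\s*(?P<hits>\d+)"
    r"\s+IFACE:\s*(?P<iface>[^\n]+?)\s*\n"
    r"Source IP:\s*(?P<src>[\d.]+)\s+Dest IP:\s*(?P<dst>[\d.]+)\s+ID:\s*\d+"
    r"\s+TTL:\s*(?P<ttl>\d+)\s+PROTO:\s*(?P<proto>\w+)[^\n]*\n"
    r"Src Port:\s*(?P<sport>\d+)\s+Dst Port:\s*(?P<dport>\d+)\s*\n"
    r"(?P<rule>[^\n]+)"
)

def parse_fwlog(text):
    """Return one dict per trace entry with numeric fields converted to int."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        e = m.groupdict()
        for k in ("line", "hits", "ttl", "sport", "dport"):
            e[k] = int(e[k])
        entries.append(e)
    return entries

def summarize_blocked(entries, mgmt_ports=(22, 80, 443)):
    """Count inbound entries blocked on the standard management ports, keyed by (src, dport)."""
    counts = Counter()
    for e in entries:
        if e["dir"] == "IN" and e["rule"].startswith("block") and e["dport"] in mgmt_ports:
            counts[(e["src"], e["dport"])] += 1
    return counts

if __name__ == "__main__":
    for (src, port), n in sorted(summarize_blocked(parse_fwlog(SAMPLE_FWLOG)).items()):
        print(f"{src} -> port {port}: {n} blocked attempt(s)")
```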
