Problems after changing SSH port

thomas cattral asked:

I’m trying to SSH into a CentOS7 server using a specific port.
The following rules are the iptables rules:

iptables -P INPUT DROP
iptables -P FORWARD DROP

# Allow appropriate ports IN, OUT and FORWARD

iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p udp --sport 123 -j ACCEPT
iptables -A INPUT -p tcp --dport 2113 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 168.63.129.16 -j ACCEPT
iptables -A OUTPUT -d 168.63.129.16 -j ACCEPT
iptables -A INPUT -p tcp --sport 53 -j ACCEPT
iptables -A INPUT -p udp --sport 53 -j ACCEPT
iptables -A FORWARD -p tcp -s 172.16.13.4 --sport 3389 -j ACCEPT
iptables -A FORWARD -p tcp -d 172.16.13.4 --dport 3389 -j ACCEPT

# Allow RDP to az-ws

iptables -A FORWARD -p tcp -d 172.16.13.4 --dport 3389 -j ACCEPT
iptables -A FORWARD -p tcp -s 172.16.13.4 --sport 3389 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 2113 -j DNAT --to-destination 172.16.13.4:3389
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Allow SSH to az-ls
# (return traffic comes FROM az-ls with source port 22, so the second rule needs -s, not -d)

iptables -A FORWARD -p tcp -d 172.16.13.5 --dport 22 -j ACCEPT
iptables -A FORWARD -p tcp -s 172.16.13.5 --sport 22 -j ACCEPT

SELinux is set to enforcing; however, the policy has been updated and allows sshd to listen on port 2113.

sshd_config is currently set up to listen on two ports, port 2113 and port 22.

If I remove port 22 from sshd_config, I cannot ssh in, and if I try to specify port 2113 I get either a connection timeout error or an "ssh_exchange_identification: read: Connection reset" error. I'm not sure how to solve this problem.

My answer:

Here is your problem:

iptables -t nat -A PREROUTING -p tcp --dport 2113 -j DNAT --to-destination 172.16.13.4:3389

You say you configured sshd to listen on port 2113 but you have diverted all that traffic to some other host. Thus sshd can never be reached.

You need to choose a different port, or remove the diversion.
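A check for exactly this kind of mistake, added here as an example (not part of the question or the answer): it reads nat-table PREROUTING rules in `iptables -S` format from stdin and reports any sshd listen port that a DNAT rule diverts before sshd can see it. The rule text below is constructed to mirror the question's ruleset; on a live host you would feed it `iptables -t nat -S PREROUTING` and the ports reported by `sshd -T | grep '^port '`.

```shell
#!/bin/sh
# Constructed sample of `iptables -t nat -S PREROUTING` output, mirroring the
# rules in the question (not a live capture).
SAMPLE_NAT_RULES='-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 2113 -j DNAT --to-destination 172.16.13.4:3389'

# dnat_conflicts PORT...: read nat PREROUTING rules on stdin and print each
# listen port that a PREROUTING DNAT rule redirects to another host.
# Exit status 1 if any conflict was found, 0 otherwise.
dnat_conflicts() {
    found=0
    while IFS= read -r rule; do
        case "$rule" in
            "-A PREROUTING "*"-j DNAT"*) ;;   # only PREROUTING DNAT rules matter
            *) continue ;;
        esac
        # pull the --dport value out of the rule (empty if the rule has none)
        dport=$(printf '%s\n' "$rule" | sed -n 's/.*--dport \([0-9]*\).*/\1/p')
        [ -n "$dport" ] || continue
        for port in "$@"; do
            if [ "$port" = "$dport" ]; then
                printf 'port %s: diverted by: %s\n' "$port" "$rule"
                found=1
            fi
        done
    done
    return "$found"
}

# Compare the two ports sshd listens on in the question against the sample.
check_sample() {
    printf '%s\n' "$SAMPLE_NAT_RULES" | dnat_conflicts 2113 22
}
```

Run against the question's ruleset, `check_sample` reports port 2113 as diverted and exits non-zero, while port 22 passes because no DNAT rule matches it.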


View the full question and any other answers on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.