LinuxQuestions.org
Old 04-16-2012, 08:38 AM   #1
ask
LQ Newbie
 
Registered: Oct 2005
Location: Amsterdam, The Netherlands
Distribution: Ubuntu 11.10 amd64, Puppy, FreeNAS 8.0.2
Posts: 13

Rep: Reputation: 0
How to specify SSH outbound port


Hi everyone,

I'm looking for a way to specify the outbound port my SSH-client will use when connecting to a server.

Using lsof -i on my client machine shows any outbound SSH connections in the 38000-40000 range. I want to narrow it down, so I only have to open one single port in my firewall. Does anyone know how to accomplish this, or point me in the right direction?

thanks,
Memel
 
Old 04-16-2012, 08:45 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968
Don't narrow down the source port range, that's just not done. SSH is identified as a TCP connection going to port 22. Use that as your filter.

What is your motivation for doing this? What other outbound traffic are you concerned about? Note that the source port is never "opened" in the way a destination port is; your traffic coming back from the server will be permitted by stateful connection tracking, not a definition of a specific port number.

Last edited by acid_kewpie; 04-16-2012 at 08:46 AM.
 
Old 04-16-2012, 09:02 AM   #3
ask
LQ Newbie
 
Registered: Oct 2005
Location: Amsterdam, The Netherlands
Distribution: Ubuntu 11.10 amd64, Puppy, FreeNAS 8.0.2
Posts: 13

Original Poster
Rep: Reputation: 0
Thanks for your truly fast reply!

Perhaps my firewall rules are way too strict; right now only a few necessary ports are open (http, smb, ssh, and a few others), the rest is shut tight. What port range should I open? The Dynamic (or Private) ports are in the range 49152-65535, whereas the ports observed are in the Registered Ports range 1024 - 49151 (my client runs on FreeBSD). Which range (if any) does SSH use?

thanks again already,
Memel
 
Old 04-16-2012, 09:06 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968
You shouldn't be paying any attention to the range. Unless you have an *astonishingly* bad firewall, you don't need to care about the source port ever. Just open port 22 outbound, and it should work. SSH doesn't *use* any ports itself; the network stack just assigns one with very little interest, as it's not interesting. The only time you're realistically likely to want to force a source port is on things like network security testing tools, nmap etc. Normal software very rarely cares.

Last edited by acid_kewpie; 04-16-2012 at 09:08 AM.
 
Old 04-16-2012, 09:10 AM   #5
ask
LQ Newbie
 
Registered: Oct 2005
Location: Amsterdam, The Netherlands
Distribution: Ubuntu 11.10 amd64, Puppy, FreeNAS 8.0.2
Posts: 13

Original Poster
Rep: Reputation: 0
My outbound port 22 is open, that's the problem. Only when I completely disable my firewall am I able to SSH.
 
Old 04-16-2012, 09:27 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968
Well, without seeing your rulebase, it's very hard to comment any more. Are we talking about iptables or something else?
 
Old 04-16-2012, 09:45 AM   #7
ask
LQ Newbie
 
Registered: Oct 2005
Location: Amsterdam, The Netherlands
Distribution: Ubuntu 11.10 amd64, Puppy, FreeNAS 8.0.2
Posts: 13

Original Poster
Rep: Reputation: 0
ipfw.

I've opened the Dynamic port range (both ways), which seems to work right now.

Thanks for your support so far :-)

Memel
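
The point in post #2 about stateful connection tracking, as an added example that is not code from any poster in this thread: a small Python model comparing stateless rules that open the dynamic range inbound with rules that remember outbound flows. The addresses, port numbers and both filter functions are constructed, hypothetical simplifications and do not reproduce ipfw or iptables semantics in full.

```python
from dataclasses import dataclass

DYNAMIC = range(49152, 65536)  # IANA dynamic/private ports, as quoted in post #3

@dataclass(frozen=True)
class Pkt:
    direction: str  # "out" or "in", as seen by the client's firewall
    src: str
    sport: int
    dst: str
    dport: int

def stateless(pkts):
    """Hypothetical stateless rules: allow out to 22, allow in to the dynamic range."""
    return [(p.direction == "out" and p.dport == 22) or
            (p.direction == "in" and p.dport in DYNAMIC) for p in pkts]

def stateful(pkts):
    """Hypothetical stateful rules: allow out to 22 and remember the flow;
    allow inbound only when it is the reverse of a remembered flow."""
    flows, verdicts = set(), []
    for p in pkts:
        if p.direction == "out" and p.dport == 22:
            flows.add((p.src, p.sport, p.dst, p.dport))
            verdicts.append(True)
        else:
            verdicts.append(p.direction == "in" and
                            (p.dst, p.dport, p.src, p.sport) in flows)
    return verdicts

# Constructed sample traffic (documentation addresses, made-up ports).
CLIENT, SERVER, OTHER = "192.0.2.10", "198.51.100.5", "203.0.113.66"
SAMPLE = [
    Pkt("out", CLIENT, 51514, SERVER, 22),   # SSH from a dynamic-range port
    Pkt("in", SERVER, 22, CLIENT, 51514),    # its reply
    Pkt("out", CLIENT, 38123, SERVER, 22),   # SSH from a port like those lsof showed
    Pkt("in", SERVER, 22, CLIENT, 38123),    # its reply
    Pkt("in", OTHER, 40000, CLIENT, 50000),  # unsolicited inbound to a high port
]

def compare(pkts=SAMPLE):
    """Return (stateless verdicts, stateful verdicts), True meaning allowed."""
    return stateless(pkts), stateful(pkts)

if __name__ == "__main__":
    for p, a, b in zip(SAMPLE, *compare()):
        print(f"{p.direction:>3} {p.src}:{p.sport} -> {p.dst}:{p.dport}  "
              f"stateless={'allow' if a else 'drop'} stateful={'allow' if b else 'drop'}")
```

The stateless rules drop the reply to the connection from port 38123 yet admit the unsolicited packet to port 50000; the stateful rules do the opposite on both.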
 
  



Tags
firewall, port, ssh


All times are GMT -5.