ask 04-16-2012 07:38 AM

How to specify SSH outbound port
Hi everyone,

I'm looking for a way to specify the outbound port my SSH-client will use when connecting to a server.

Using lsof -i on my client machine shows any outbound SSH connections in the 38000-40000 range. I want to narrow it down, so I only have to open one single port in my firewall. Does anyone know how to accomplish this, or point me in the right direction?


acid_kewpie 04-16-2012 07:45 AM

Don't narrow down the source port range, that's just not done. SSH is identified as a TCP connection going to port 22. Use that as your filter.

What is your motivation for doing this? What other outbound traffic are you concerned about? Note that the source port is never "opened" in the way a destination port is; your traffic coming back from the server will be permitted by stateful connection tracking, not by a definition of a specific port number.

ask 04-16-2012 08:02 AM

Thanks for your truly fast reply!

Perhaps my firewall rules are way too strict; right now only a few necessary ports are open (http, smb, ssh, and a few others), the rest is shut tight. What port range should I open? The Dynamic (or Private) ports are in the range 49152-65535, whereas the ports observed are in the Registered Ports range 1024-49151 (my client runs on FreeBSD). Which range (if any) does SSH use?

thanks again already,

acid_kewpie 04-16-2012 08:06 AM

You shouldn't be paying any attention to the range. Unless you have an *astonishingly* bad firewall, you don't need to care about the source port ever. Just open port 22 outbound, and it should work. SSH doesn't *use* any ports itself; the network stack just assigns one, with very little interest, as it's not interesting. The only time you're realistically likely to want to force a source port is on things like network security testing tools, nmap etc. Normal software very rarely cares.
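To make the advice in the two replies above concrete (reply traffic is admitted by connection state, and the only port worth naming is the destination port 22), here is an added example of a FreeBSD pf ruleset for the client side. It is not from this thread and the thread never says which firewall the poster runs; it assumes pf, an outside interface called em0 and a server at 192.0.2.10, all placeholders. The stateless form is the one that forces you to open the ephemeral range inbound; the stateful form is the one to use.

```pf
# Added example, not from the original thread. Placeholders: em0 and 192.0.2.10.
ext_if = "em0"
ssh_server = "192.0.2.10"

# Default deny in both directions.
block all

# --- Weak form: stateless rules (shown commented out, for comparison) -----
# With "no state" the reply packets from tcp/22 are matched on their own, so
# they only get through if the ephemeral source port range the stack picked
# is held open inbound. This is what "opening the dynamic range both ways"
# amounts to, and it admits any packet from tcp/22 to that range, SSH or not.
# pass out on $ext_if proto tcp from any to $ssh_server port 22 no state
# pass in  on $ext_if proto tcp from $ssh_server port 22 to any port 49152:65535 no state

# --- Corrected form: one stateful outbound rule ---------------------------
# Match only the destination port. pf records a state entry on the SYN and
# matches the server's replies against that entry, so no inbound rule and no
# source port range is needed. "keep state" is written out explicitly so the
# rule reads the same on pf versions where it is not already the default.
pass out on $ext_if proto tcp from any to $ssh_server port 22 flags S/SA keep state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it, and watch `pfctl -s state` while an SSH session is open: the entry shows the client's ephemeral port paired with the server's port 22, which is what lets the replies in. On FreeBSD the range the stack draws from is `sysctl net.inet.ip.portrange.first` and `net.inet.ip.portrange.last`, and with `net.inet.ip.portrange.randomized=1` ports are chosen at random within it, so the 38000-40000 band seen in `lsof -i` is a sample, not a range the client will stay inside.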

ask 04-16-2012 08:10 AM

My outbound port 22 is open, that's the problem. Only when I completely disable my firewall am I able to SSH.

acid_kewpie 04-16-2012 08:27 AM

Well, without seeing your rulebase, it's very hard to comment any more. Are we talking about iptables or something else?

ask 04-16-2012 08:45 AM


I've opened the Dynamic port range (both ways), which seems to work right now.

Thanks for your support so far :-)


