I want to have ssh access to server14 through port x, and block port 22.

On my desktop, I give the command: 'ssh -p x server14', where x is above 1024.

On server14, i changed /etc/ssh/sshd_config to listen to port x (Port=x)
With switched-off the iptables on server14, I can connect with ssh. But if I have iptables running, with rule: -A INPUT -p tcp --dport x -j ACCEPT, I cannot connect.
The logging on server 14 says:Whatch the DPT=22.

How is that possible??

On the desktop, I can run 'ssh -v -v -p x server14', I get:So connecting to port x, not 22.....

How can I connect to server14, only through port x?

Well it may be possible that your ssh_config file is taking over, it shouldn't with the -p option but as an easy troubleshooting step and to make life easier you should update your /etc/ssh/ssh_config file on the client that is connecting to the server to update the port directive and specify your 1024 port.

Also, make sure you don't have any iptable translation rules on your client.

1 members found this post helpful.

Hi Kustom42.

It is not the ssh_config. I see in the IpTables log file of the client, the outgoing port is correct. However, in the log file of the server, the incoming port is 22 (not correct).

I did play with prerouting before: #$IPT -t nat -A PREROUTING -p tcp --dport x -j DNAT --to-destination :22
But that line is commented now.

BUT connecting with 'ssh -p y server14' (y != x), works correctly!!!
So somewhere, the forwarding (prerouting) is still active. iptables -L does not say it.

Luckily it is on a virtual test server, not on my live servers.....

Your last line did pointed me to the error. Thanks!