TWSD-1696, SSH working on fwd tcp port
Review Request #1481 — Created April 9, 2026 and updated
| Information | |
|---|---|
| mingji | |
| APV10 | |
| rel_apv_10_7_4 | |
| TWSD-1696 | |
| Reviewers | |
| kevin.poh, philpeng, weikai | |
Root cause:
APV will receive all packets sent to fwd tcp’s VIP. Packets that match the configured port will be port-forwarded, but unmatched packets will be forwarded to the kernel. That’s why the kernel’s sshd process can establish an SSH connection.
Solution:
Add firewall rules to drop port 22, 65519.
- Configured fwd tcp; the VIP should be different from the management IP.
- ssh to the VIP from the client; this should time out.
branches/rel_apv_10_7_4/usr/click/lib/libnatd_cli/natd_cli.c (Diff revision 1)

ssh port [port_number]
SSH ports can be changed via commands, so they are not fixed to port 22.
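
The point raised in the comment above, as an added sketch that is not the code from natd_cli.c: build the list of ports to drop on the VIP from the configured service ports rather than a fixed 22. `vip_drop_ports`, its parameters and the sample values are hypothetical, and skipping ports that are also forwarding ports is an assumption based on the root cause description.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_DROP_PORTS 8

/* Returns 1 if port appears in list[0..n). */
static int port_in_list(uint16_t port, const uint16_t *list, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (list[i] == port)
            return 1;
    return 0;
}

/*
 * Hypothetical helper: fill out[] with the TCP ports that need a drop rule
 * on a fwd tcp VIP and return how many were written.
 * svc[] holds the ports to protect, read from the running configuration
 * (so a changed "ssh port" value is picked up) instead of constants.
 * Assumption: a port that is also a configured forwarding port is skipped,
 * because matching packets are port-forwarded and do not reach the kernel.
 * Port 0 (unset) and duplicates are skipped as well.
 */
size_t vip_drop_ports(const uint16_t *svc, size_t nsvc,
                      const uint16_t *fwd, size_t nfwd,
                      uint16_t *out, size_t outcap)
{
    size_t n = 0;
    for (size_t i = 0; i < nsvc && n < outcap; i++) {
        if (svc[i] == 0 || port_in_list(svc[i], fwd, nfwd))
            continue;
        if (port_in_list(svc[i], out, n))   /* already listed */
            continue;
        out[n++] = svc[i];
    }
    return n;
}

int main(void)
{
    /* Constructed sample: ssh port changed to 2222; 65519 as named above. */
    uint16_t svc[] = { 2222, 65519 }, fwd[] = { 443 }, out[MAX_DROP_PORTS];
    size_t n = vip_drop_ports(svc, 2, fwd, 1, out, MAX_DROP_PORTS);
    for (size_t i = 0; i < n; i++)
        printf("drop tcp dport %u on VIP\n", (unsigned)out[i]);
    return 0;
}
```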
