TWSD-1696, SSH working on fwd tcp port
Review Request #1481 — Created April 9, 2026 and updated — Latest diff uploaded
| Information | |
|---|---|
| mingji | |
| APV10 | |
| rel_apv_10_7_4 | |
| TWSD-1696 | |
| Reviewers | |
| kevin.poh, philpeng, weikai | |
Root cause:
APV will recieve all packets send tofwd tcp’s VIP. Packets match the configured port will do port forwarding, but not matched packets will forward to kernel. That’s why kernel’s sshd process can establish ssh connection.Solution
Add firewall rules to drop port 22, 65519.
- configured
fwd tcp, the VIP should be different from management IP. - ssh to the VIP from client, and this should be timeout.