cancel
Showing results for 
Search instead for 
Did you mean: 
1

Ask

2

Reply

3

Solution

Port forwarding - port 22 cannot be configured as it is reserved for internal usage

lewispickles
2: Seeker
2: Seeker

Hi All,

 

I have recently upgraded my home broadband package and as a result, Vodafone have sent me out a new 'improved' router with model number THG300 (the last one was an ancient Huawei thing they used which apparently I cannot continue to use as it is "unable to handle the new line configuration").

 

Now, I have multiple servers on my LAN which are running multiple resources which I need access to from over the internet. Therefore, I am trying to configure the port forwarding rules within the router's GUI. I have added a rule to forward traffic on port 21 to my FTP server, 443 to one of my web servers, 445 to an Active Directory server etc etc.

However, when I try to forward port 22 to in order to SSH to a jumpbox, I get a message saying "port cannot be configured as it is reserved for internal usage. Please use a different port".

This obviously raises questions......
1. Why do Vodafone require access to 'something' on my LAN via SSH?

2. Why can I not continue to use my old router

3. Why do the Vodafone support helpdesk keep telling me, "we do not support port forwarding" and are unwilling to raise the request to 2nd line/3rd line as "they are not customer facing" and "there is no issue".

 

Is there anyone else going through the same stuff?

 

11 REPLIES 11

Anonymous
Not applicable

Vodafone's routers are designed for ease of use, and also so that settings can be checked and altered remotely by tech support.  It's common practice to SSH in port 22, which is why it's going to be blocked in this manner.  That's pretty much just the way it is.  So it leaves you two options, either change the port for the device you want to connect to, or switch to a third-party router.

 

As for supporting port forwarding, it's not supported as there are simply so many issues that arise because of it.  It's one of those abilities that once you start to use it, you are on your own, pretty much no matter which consumer-grade ISP you go with!

still, the need to keep port 22 for service, besides being a doubtful practice which blocks a service quite quite useful, does not explain why we are prevented from mapping a high public port, say 22022, to local port 22 on a local machine. 

 

surely this doesnt impair vodafone access to the router, nor would they ever want to access the network beyond the router.

Agreed, one used to be abel to  map a high port to an internal port 22 device but no longer, and in fact until one removes the existing port 22 rules no amendments or changes can be made. 

 

Vodafone should put back the functionality that was there and trust thier users, who obviosuly understand what services run on port 22, to configure this on their routers. 

Hi, Vodafone appear to have updated this now as I was able to add a mapping using an internal port TCP-22

Not on my router sadly.

Firmware-Version:19.2.0307-3261014 seems support Port TCP-22 again

Current firmware version
19.4.0551-3269082
 
Does not on the THG3000 and that's what I use.

For OP or anyone looking at this post if you go to my post here:

https://forum.vodafone.co.uk/t5/Other-broadband-queries/Help-with-Port-Forwardding-or-Port-Mapping-t...

 

You will find how my talks to Vodafone went and also which ports are reserved right now, plus what firmware my THG3000 uses.

Anonymous
Not applicable

So far as I'm aware it is possible and always has been possible to perform asymmetrical port mapping with the VF router, so accessing one port via the router WAN IP&port can direct to a different port on your server.

 

Not using the VF router, and so I run a VPN SERVER on the router which enables me access to the local servers without the vagarities of any port mapping.