You are viewing an article about an obsolete product. Information on this page is provided as-is and not supported.

HOW TO: Configure the Digi TransPort Firewall to Allow Alternate SSH and Other Management Ports for External Access


With the standard rule in place, which allows SSH, you may see several external connection attempts in the Event log similar to the following:

    15:58:28, 15 May 2014,GP socket connected: -> ###.###.###.###:5286



These messages may point to possible malicious hack attempts.  Fortunately, Digi TransPort routers will listen on the standard service ports with 8000+ port numbers.  For example:  8022(SSH),8080(HTTP), 8443(HTTPS), etc...


In order to configure the Digi TransPort to stop listening on the standard SSH port 22 and listen on the 8022 port instead, the following can be added to the firewall rules:

    pass in break end proto tcp from any to any port=8022 flags S!A inspect-state


Looking at the Firewall hit counter under the Security > Firewall menu will allow you to see which rules are getting hit and logged into fwlog.txt by the last rule in the default firewall rule set: 

    block logbreak end

When adding the above mentioned rule, the firewall blocks the attempt, so it will never make it into the Event Log. Instead it shows up in Management - Network Status >Firewall Trace (fwlog.txt). The following shows an example of a blocked SSH connection attempt:

-----   15-5-2014 13:10:24   ------

FW LOG   Dir: IN   Line:21   Hits: 599   IFACE: PPP 1

Source IP: ###.###.###.###   Dest IP:  ID: 27424   TTL: 232   PROTO: TCP (6)

Src Port: 5286   Dst Port: 22

block log break end

Last updated: Jan 11, 2024

Filed Under


Recently Viewed

No recently viewed articles

Did you find this article helpful?