I have a weird issue on Ubuntu 22.4.4 LTS.
Using the ufw firewall, I allowed SSH/Port 22, HTTP and HTTPS. I can successfully log in via SSH to my server. However, when I am logged in on the server and want to SSH from there to another server, it gets somehow blocked and just hangs.
But when I want to SSH from the second server to the first one, this works using SSH agent and SSH forwarding.
Both servers use default Port 22.
When I disable the firewall on Server 1 using `sudo ufw disable`, I can SSH from Server 1 to Server 2. When enabling the firewall again, it just hangs.
So, to render it a little simpler:
- Working OK: MacBook -> SSH -> Server 1
- Not working: Server 1 -> SSH -> Server 2
- Working OK: Server 2 -> SSH -> Server 1
My firewall configuration on server 1 is the following:

```
> sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 9418/tcp                   ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW OUT   Anywhere                   (out)
[ 3] 80/tcp                     ALLOW IN    Anywhere
[ 4] 443                        ALLOW OUT   Anywhere                   (out)
[ 5] 443                        ALLOW IN    Anywhere
[ 6] 53                         ALLOW OUT   Anywhere                   (out)
[ 7] 22/tcp                     ALLOW IN    Anywhere
[ 8] 123                        ALLOW IN    Anywhere
[ 9] 22                         ALLOW IN    Anywhere
[10] 9418/tcp (v6)              ALLOW IN    Anywhere (v6)
[11] 80/tcp (v6)                ALLOW OUT   Anywhere (v6)              (out)
[12] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[13] 443 (v6)                   ALLOW OUT   Anywhere (v6)              (out)
[14] 443 (v6)                   ALLOW IN    Anywhere (v6)
[15] 53 (v6)                    ALLOW OUT   Anywhere (v6)              (out)
[16] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[17] 123 (v6)                   ALLOW IN    Anywhere (v6)
[18] 22 (v6)                    ALLOW IN    Anywhere (v6)
```

Status Verbose:

```
$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
9418/tcp                   ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
22/tcp                     ALLOW IN    Anywhere
123                        ALLOW IN    Anywhere
22                         ALLOW IN    Anywhere
9418/tcp (v6)              ALLOW IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)
443 (v6)                   ALLOW IN    Anywhere (v6)
22/tcp (v6)                ALLOW IN    Anywhere (v6)
123 (v6)                   ALLOW IN    Anywhere (v6)
22 (v6)                    ALLOW IN    Anywhere (v6)

80/tcp                     ALLOW OUT   Anywhere
443                        ALLOW OUT   Anywhere
53                         ALLOW OUT   Anywhere
80/tcp (v6)                ALLOW OUT   Anywhere (v6)
443 (v6)                   ALLOW OUT   Anywhere (v6)
53 (v6)                    ALLOW OUT   Anywhere (v6)
```

Is there another port I need to open that is used when I SSH out from Server 1 to another server? Or do I need to allow UDP or something like that?
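
An added diagnostic, not part of the original post: it reads `ufw status verbose` text and reports whether an outbound connection to a given port is covered by an `ALLOW OUT` rule or falls through to the default outgoing policy. The function names `ufw_out_verdict` and `sample_status` are assumptions of this example, and the sample input is the header and a subset of the IPv4 rows of the output quoted above.

```shell
#!/bin/sh
# Added example, not from the original post. IPv4 rows only; DENY/REJECT OUT
# rules, destination-specific rules, port ranges and app profiles are ignored.

# Constructed sample: header and IPv4 rows of the `ufw status verbose` output above.
sample_status() {
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
22/tcp ALLOW IN Anywhere
22 ALLOW IN Anywhere
80/tcp ALLOW OUT Anywhere
443 ALLOW OUT Anywhere
53 ALLOW OUT Anywhere
EOF
}

# usage: ufw_out_verdict PORT [PROTO] < ufw-status-verbose.txt
ufw_out_verdict() {
    awk -v port="$1" -v proto="${2:-tcp}" '
        BEGIN { policy = "unknown" }
        /^Default:/ {
            # "Default: deny (incoming), deny (outgoing), disabled (routed)"
            sub(/^Default:/, "")
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++)
                if (parts[i] ~ /\(outgoing\)/) {
                    split(parts[i], w, " ")   # w[1] is the policy word
                    policy = w[1]
                }
            next
        }
        # A bare "PORT" rule covers every protocol; "PORT/PROTO" covers one.
        $2 == "ALLOW" && $3 == "OUT" && ($1 == port || $1 == port "/" proto) {
            matched = 1
        }
        END {
            if (matched)                print "allow (explicit ALLOW OUT rule)"
            else if (policy == "allow") print "allow (default outgoing policy)"
            else print "blocked (default outgoing policy: " policy ")"
        }'
}

for p in 22 443; do
    printf 'outbound %s/tcp: %s\n' "$p" "$(sample_status | ufw_out_verdict "$p")"
done
```

On a live host, pipe `sudo ufw status verbose` into the function instead of the sample; an outbound rule for a port is added with `sudo ufw allow out 22/tcp`.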