I have a large machine S that lives behind NAT and can only be accessed via VPN. As a quick access hack, I want to use an EC2 t2.micro instance as a port-forwarding router node so that I can use that EC2 instance's public IP and a port that I specify to connect to machine S. This port forwarding works with high ports. However, I really want to use the default port 22, since the only purpose of this EC2 instance is to forward traffic (so it is a waste to have to specify ports every time). To do this, I changed my /etc/ssh/sshd_config to run the EC2 instance's normal SSH on port 222 instead, and I changed some other settings, setting the following to yes: AllowTcpForwarding, AllowStreamLocalForwarding, GatewayPorts. This appears insufficient, though, as I get a binding error when I try to bind to 22. Higher ports (e.g. 2222) work; however, I can't start on 22. I have a TCP rule in the security group for the EC2 instance that allows inbound/outbound traffic from all IP addresses to all ports. Why am I facing this issue? Is there a neat solution? Is there a network-specific instance that better serves this use case? For weird reasons, I might need to do this more times.
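As an added example (not part of the original question), a small Python script that reproduces the bind behaviour behind the error and classifies it. The assumed cause is the Linux privileged-port rule: ports below 1024 can only be bound by root or a process holding CAP_NET_BIND_SERVICE, and OpenSSH's sshd applies the same rule to `-R` remote forwards requested by a non-root user (its log says "Privileged ports can only be forwarded by root"), so the forward to 22 fails while 2222 works. A different failure, EADDRINUSE, would instead mean something still listens on 22, typically the original sshd if it was not restarted after the Port change. The script does not touch sshd or the forward itself; the loopback host, the port list and the wording in `diagnose()` are my own choices.

```python
import errno
import os
import socket

# Linux default: ports below net.ipv4.ip_unprivileged_port_start (1024)
# need root or CAP_NET_BIND_SERVICE to bind. Assumed unchanged on the EC2 host.
PRIVILEGED_PORT_LIMIT = 1024


def is_privileged_port(port):
    """True for the ports a non-root process cannot bind by default."""
    return 0 < port < PRIVILEGED_PORT_LIMIT


def try_bind(port, host="127.0.0.1"):
    """Try to open a TCP listener on host:port.

    Returns ("ok", None) on success or ("error", ERRNO_NAME) on failure.
    The socket is closed either way, so nothing is left listening.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        s.bind((host, port))
        s.listen(1)
        return ("ok", None)
    except OSError as e:
        return ("error", errno.errorcode.get(e.errno, str(e.errno)))
    finally:
        s.close()


def diagnose(port, err, euid):
    """Map a bind outcome to the most likely cause for an sshd forward."""
    if err is None:
        return "bind succeeded"
    if err == "EACCES" and is_privileged_port(port) and euid != 0:
        return ("privileged port: only root (or CAP_NET_BIND_SERVICE) may bind it, "
                "and sshd refuses -R forwards to ports below 1024 for non-root users")
    if err == "EADDRINUSE":
        return ("port already has a listener; if sshd_config was changed to Port 222 "
                "but sshd was not restarted, the old sshd still owns 22")
    return "bind failed with " + err


def demonstrate_in_use():
    """Hold a listener on an ephemeral port, then bind it again -> EADDRINUSE."""
    holder = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    holder.bind(("127.0.0.1", 0))
    holder.listen(1)
    port = holder.getsockname()[1]
    try:
        return try_bind(port)
    finally:
        holder.close()


if __name__ == "__main__":
    euid = os.geteuid()
    # Port 0 asks the kernel for an ephemeral port and should always succeed.
    for port in (22, 2222, 0):
        status, err = try_bind(port)
        print("port %s: %s %s -> %s" % (port or "ephemeral", status, err or "",
                                         diagnose(port, err, euid)))
    print("second bind of a held port:", demonstrate_in_use())
```

Run it on the EC2 instance as the same user that runs the `ssh -R` command. If port 22 reports EACCES, the forward has to be requested by root on the instance, or the listener stays on a high port and a kernel NAT rule redirects 22 to it; if it reports EADDRINUSE, check with `ss -ltnp` what still holds 22 before looking anywhere else.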