I am port forwarding ssh through the router to a host inside my network. That works fine. I have a dstnat rule and a firewall filter rule permitting port 22 to be forwarded.

Now I want to allow ssh connections to the router itself as well.

One option would be to change the ssh port on the router, but it seemed to me I should be able to port forward a different port (say 2222) into the router itself on port 22. It should be as simple as a dstnat rule that changes the port number and provides the address to forward to, and a filter rule that lets the new port to be forwarded.

But it doesn't work. Is there something I'm missing?

I am port forwarding ssh through the router to a host inside my network. That works fine. I have a dstnat rule and a firewall filter rule permitting port 22 to be forwarded.

Now I want to allow ssh connections to the router itself as well.

One option would be to change the ssh port on the router, but it seemed to me I should be able to port forward a different port (say 2222) into the router itself on port 22. It should be as simple as a dstnat rule that changes the port number and provides the address to forward to, and a filter rule that lets the new port to be forwarded.

I am fairly new to this stuff, but I will try to see if I can get something working and post back to you should I get it working. It sounds like that you accept the fact that the ssh to the router from the public interface will need to come in on a non standard port, since ssh (22) from the public interface already goes to an existing internal host.

But it doesn't work. Is there something I'm missing?

I concur. I cannot get this to work and I tried a few things. It should be easy to setup public interface port 2222 forward to routers 22 port. But alas, not so simple. Hopefully someone has a solution (who might have more experience with this stuff).