diff --git a/hosts/proxy/default.nix b/hosts/proxy/default.nix
index df7eded..6c454a3 100644
--- a/hosts/proxy/default.nix
+++ b/hosts/proxy/default.nix
@@ -24,8 +24,10 @@
       ];
       firewall = {
         allowedTCPPorts = [
+          22
           80
           443
+          1005
           2142
         ];
       };
@@ -63,7 +65,7 @@ services = {
         listenAddresses = [
           {
             addr = "141.56.51.1";
-            port = 2142;
+            port = 1005;
           }
         ];
       };
@@ -113,6 +115,7 @@ services = {
       frontend http-in
         bind *:80
+        acl is_plone hdr(host) -i stura.htw-dresden.de
         acl is_www_plone hdr(host) -i www.stura.htw-dresden.de
         acl is_pro hdr(host) -i pro.stura.htw-dresden.de
@@ -123,6 +126,16 @@ services = {
         default_backend plone_80
+      # ---- SSH Jump ----
+      frontend ssh_jump
+        bind *:22
+        mode tcp
+        use_backend ssh_srs2
+      frontend ssh_jump_alt
+        bind *:2142
+        mode tcp
+        use_backend ssh_srs2
+
       # ---- SNI routing (TCP, peek at handshake) ----
       frontend sni_router
         bind *:443
@@ -142,6 +155,10 @@ services = {
         # loopback to the termination frontend below
         server loopback 127.0.0.1:8443
+      backend ssh_srs2
+        mode tcp
+        server srs2 141.56.51.2:80 check
+
       backend tls_passthrough
         mode tcp
         server nginx_host 141.56.51.15:443 check
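Review bot: In the last hunk, `backend ssh_srs2` forwards the two SSH-jump frontends (`ssh_jump` on *:22 and `ssh_jump_alt` on *:2142, fourth hunk) to `141.56.51.2:80`, which is the conventional HTTP port rather than an sshd port; unless sshd on srs2 really listens there, the line should name the host's SSH port, e.g. `server srs2 141.56.51.2:<SSH_PORT_ON_SRS2> check`, and the TCP-mode `check` will otherwise report the HTTP listener as healthy. The jump frontends also carry no `tcp-request connection` rate limit or source-address `acl` and no `option tcplog`, so every connection to the newly opened ports 22 and 2142 is passed through unthrottled and, unless a `defaults` section outside this diff enables TCP logging, unrecorded; a per-source connection limit or a source `acl` in front of `use_backend ssh_srs2` would narrow that exposure. The `acl is_plone` added in the third hunk has no `use_backend` referring to it within the visible lines, so if the bare host is meant to land on `default_backend plone_80` the ACL is unused and can be dropped. The HAProxy config string and the enclosing Nix attribute set both begin and end outside these hunks.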