diff --git a/boxes/copernicus/services/sshd.nix b/boxes/copernicus/services/sshd.nix
index 70a3380..661ab5d 100644
--- a/boxes/copernicus/services/sshd.nix
+++ b/boxes/copernicus/services/sshd.nix
@@ -7,6 +7,20 @@
 PermitRootLogin = "no";
 PasswordAuthentication = false;
 };
+ listenAddresses = [
+ {
+ addr = "192.168.1.201";
+ port = 2222;
+ }
+ {
+ addr = "10.100.0.2";
+ port = 2222;
+ }
+ ];
+ };
+
+ networking.firewall.interfaces.eno1 = {
+ allowedTCPPorts = [ 2222 ];
 };
 users.users.usr.openssh.authorizedKeys.keys = [
diff --git a/boxes/netbox/ssh.nix b/boxes/netbox/ssh.nix
index fc0ac22..300b572 100644
--- a/boxes/netbox/ssh.nix
+++ b/boxes/netbox/ssh.nix
@@ -1,4 +1,4 @@
-{ lib, config, pkgs, machines, ... }:
+{ pkgs, machines, ... }:
 {
 services.openssh = {
@@ -6,6 +6,7 @@
 ports = [55555];
 settings = {
 X11Forwarding = false;
+ AllowTcpForwarding = true;
 PermitRootLogin = "no";
 PasswordAuthentication = false;
 };
@@ -34,7 +35,6 @@
 login_ip="''${SSH_CLIENT%% *}"
 is_in_ignored=$(grep "$login_ip" /etc/ssh/ignored_ips -c)
 if [ "$is_in_ignored" -gt 0 ]; then
- echo "Your login has been ignored based on your IP address."
 exit
 fi
 time=$(date "+%T%:z")
diff --git a/lappy-config/ssh/config b/lappy-config/ssh/config
index d8d8b2e..b9d5894 100644
--- a/lappy-config/ssh/config
+++ b/lappy-config/ssh/config
@@ -2,3 +2,13 @@ Host netbox
 HostName beepboop.systems
 User ryan
 Port 443
+
+Host copernicus-proxy
+ HostName 10.100.0.2
+ User usr
+ Port 2222
+ ProxyJump netbox
+
+Host copernicus
+ User usr
+ Port 2222
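Review bot: Port 22 probably stays open in the firewall after the change in boxes/copernicus/services/sshd.nix, because `services.openssh.openFirewall` defaults to true and opens `services.openssh.ports` (22 unless set) on every interface, and nothing in the hunk changes either option. Since the new rule under `networking.firewall.interfaces.eno1` already covers 2222, I would add `openFirewall = false;` beside `listenAddresses`. That rule covers `eno1` only, so the `10.100.0.2` listener is reachable only if its interface is allowed somewhere outside the hunk. The `services.openssh` block starts above the hunk, so either point may already be handled there.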
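Review bot: `AllowTcpForwarding = true` in the second hunk of boxes/netbox/ssh.nix permits both local and remote forwarding to any destination for every account on this host. If the only consumer is the `ProxyJump netbox` entry added in lappy-config/ssh/config, `AllowTcpForwarding = "local";` together with `PermitOpen = "10.100.0.2:2222";` would allow that hop and nothing else. A comment on the line saying why forwarding is on would help too, for example `# needed for ProxyJump to copernicus`. The `services.openssh` block continues past the hunk, so a Match block elsewhere may already narrow this.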
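Review bot: The new `copernicus-proxy` and `copernicus` entries in lappy-config/ssh/config appear to reach the same sshd (both use port 2222 and user `usr`) but will be recorded under different names in known_hosts, so the host key is trusted on first use twice, once through the jump host. Adding `HostKeyAlias copernicus` to the `copernicus-proxy` block makes both entries verify against one pinned key. `Host copernicus` has no `HostName`, so it depends on whatever the local resolver returns for the bare name; `HostName 192.168.1.201` would pin it, if that is the LAN address configured in sshd.nix.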