Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Special pages
jb-vpn.uk Wiki
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
SSH Port Forwarding:Quickstart
Page
Discussion
English
Read
Edit
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
View history
General
What links here
Related changes
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== What Changed? == The SSH port forwarding system has been refactored from hardcoded iptables rules to a flexible, configuration-driven system. This makes it easy to add SSH access to multiple devices on your VPN. === Before === * Hardcoded iptables rules in <code>/etc/iptables/rules.v4</code> * Manual rule management * Difficult to add new devices === After === * Configuration file: <code>/etc/ssh-port-forwards.conf</code> * Management script: <code>ssh-forward</code> (or <code>ssh-port-forward-manager.sh</code>) * Easy to add/remove devices * Automatic rule application == Your Existing Setup == Your Synology NAS SSH forward has been migrated automatically: * '''Device''': synology * '''External Port''': 22222 * '''VPN IP''': 10.8.0.2 * '''SSH Port''': 22 * '''Access''': <code>ssh -p 22222 user@87.106.61.62</code> '''No changes needed''' - everything continues to work as before! == Adding a New Device == === Example: Add a Raspberry Pi === ==== '''Verify the device is on VPN:''' ==== <pre class="lang-bash"> === Check if device is connected === cat /etc/openvpn/server/ipp.txt ping -c 2 10.8.0.3 # Replace with your device's VPN IP </pre> == '''Add the port forward:''' == <pre class="lang-bash"> sudo ssh-forward add raspberrypi 22223 10.8.0.3 22 </pre> == '''Verify it's active:''' == <pre class="lang-bash"> sudo ssh-forward list </pre> == '''Test from external location:''' == <pre class="lang-bash"> ssh -p 22223 user@87.106.61.62 </pre> == '''Configure IONOS firewall:''' == * Log in to https://dcd.ionos.com/ * Navigate to: Server & Cloud β Servers β [Your VPS] β Firewall * Add rule: TCP port <code>22223</code> β Allow == Common Commands == <pre class="lang-bash"> === List all SSH port forwards === sudo ssh-forward list == Add a new device == sudo ssh-forward add <name> <external_port> <vpn_ip> [ssh_port] # Remove a device sudo ssh-forward remove <name> == Reapply all forwards (after manual config edit) == sudo ssh-forward apply </pre> == Port Recommendations == * '''22222-22299''': Reserved for SSH port forwards * '''22222''': Synology NAS (already in use) * '''22223+''': Available for new devices == Configuration File == Location: <code>/etc/ssh-port-forwards.conf</code> Format: <pre> device_name:external_port:vpn_ip:ssh_port </pre> Example: <pre> synology:22222:10.8.0.2:22 raspberrypi:22223:10.8.0.3:22 </pre> == Troubleshooting == === Port forward not working? === ==== Check device is on VPN: ==== <pre class="lang-bash"> ping -c 2 <vpn_ip> </pre> == Verify rules exist: == <pre class="lang-bash"> sudo ssh-forward list iptables -t nat -L PREROUTING -n | grep <external_port> </pre> == Reapply rules: == <pre class="lang-bash"> sudo ssh-forward apply </pre> == Check IONOS firewall allows the port == === Need more help? === See the complete documentation: [SSH Port Forwarding Management](index.md) ---- '''Quick Reference''': <code>ssh-forward</code> or <code>/usr/local/bin/ssh-port-forward-manager.sh</code> [[Category:Documentation]] [[Category:Documentation/SSH Port Forwarding]]
Summary:
Please note that all contributions to jb-vpn.uk Wiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Jb-vpn.uk Wiki:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Search
Search
Editing
SSH Port Forwarding:Quickstart
Add topic
