SSH Port Forwarding:Quickstart: Difference between revisions
Added troubleshooting guide: SSH Port Forwarding - Quick Start Guide |
Major update - troubleshooting guide: SSH Port Forwarding - Quick Start Guide (25 sections) |
||
| Line 1: | Line 1: | ||
== What Changed? == | == What Changed? == | ||
| Line 40: | Line 38: | ||
=== Example: Add a Raspberry Pi === | === Example: Add a Raspberry Pi === | ||
= '''Verify the device is on VPN:''' = | ==== '''Verify the device is on VPN:''' ==== | ||
<pre class="lang-bash"> | <pre class="lang-bash"> | ||
=== Check if device is connected === | |||
cat /etc/openvpn/server/ipp.txt | cat /etc/openvpn/server/ipp.txt | ||
ping -c 2 10.8.0.3 # Replace with your device's VPN IP | ping -c 2 10.8.0.3 # Replace with your device's VPN IP | ||
</pre> | </pre> | ||
= '''Add the port forward:''' = | == '''Add the port forward:''' == | ||
<pre class="lang-bash"> | <pre class="lang-bash"> | ||
sudo ssh-forward add raspberrypi 22223 10.8.0.3 22 | sudo ssh-forward add raspberrypi 22223 10.8.0.3 22 | ||
</pre> | </pre> | ||
= '''Verify it's active:''' = | == '''Verify it's active:''' == | ||
<pre class="lang-bash"> | <pre class="lang-bash"> | ||
sudo ssh-forward list | sudo ssh-forward list | ||
</pre> | </pre> | ||
= '''Test from external location:''' = | == '''Test from external location:''' == | ||
<pre class="lang-bash"> | <pre class="lang-bash"> | ||
ssh -p 22223 user@87.106.61.62 | ssh -p 22223 user@87.106.61.62 | ||
</pre> | </pre> | ||
= '''Configure IONOS firewall:''' = | == '''Configure IONOS firewall:''' == | ||
* Log in to https://dcd.ionos.com/ | * Log in to https://dcd.ionos.com/ | ||
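Review bot: `=== Check if device is connected ===` sits inside the `<pre class="lang-bash">` block of the "Verify the device is on VPN" step, where wiki heading markup is displayed literally and fails as a command if the block is pasted into a shell. Write it as a shell comment, `# Check if device is connected`, so the block stays copy-pasteable.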
| Line 72: | Line 70: | ||
<pre class="lang-bash"> | <pre class="lang-bash"> | ||
= List all SSH port forwards = | === List all SSH port forwards === | ||
sudo ssh-forward list | sudo ssh-forward list | ||
= Add a new device = | == Add a new device == | ||
sudo ssh-forward add <name> <external_port> <vpn_ip> [ssh_port] # Remove a device | sudo ssh-forward add <name> <external_port> <vpn_ip> [ssh_port] # Remove a device | ||
sudo ssh-forward remove <name> | sudo ssh-forward remove <name> | ||
= Reapply all forwards (after manual config edit) = | == Reapply all forwards (after manual config edit) == | ||
sudo ssh-forward apply | sudo ssh-forward apply | ||
</pre> | </pre> | ||
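Review bot: the labels inside this `<pre class="lang-bash">` block (`=== List all SSH port forwards ===`, `== Add a new device ==`, `== Reapply all forwards (after manual config edit) ==`) are heading markup rather than `#` comments, so they render literally and break the block when pasted into a shell. `# Remove a device` is also fused onto the end of the `sudo ssh-forward add ...` line; move it to its own line directly above `sudo ssh-forward remove <name>`.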
| Line 110: | Line 108: | ||
=== Port forward not working? === | === Port forward not working? === | ||
= Check device is on VPN: = | ==== Check device is on VPN: ==== | ||
<pre class="lang-bash"> | <pre class="lang-bash"> | ||
ping -c 2 <vpn_ip> | ping -c 2 <vpn_ip> | ||
</pre> | </pre> | ||
= Verify rules exist: = | == Verify rules exist: == | ||
<pre class="lang-bash"> | <pre class="lang-bash"> | ||
sudo ssh-forward list | sudo ssh-forward list | ||
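Review bot: the step headings under `=== Port forward not working? ===` use two different levels, `==== Check device is on VPN: ====` and then `== Verify rules exist: ==`. A level-2 heading ends the level-3 troubleshooting section, so the later steps show up as top-level sections in the table of contents; use `====` for every step.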
| Line 121: | Line 119: | ||
</pre> | </pre> | ||
= Reapply rules: = | == Reapply rules: == | ||
<pre class="lang-bash"> | <pre class="lang-bash"> | ||
sudo ssh-forward apply | sudo ssh-forward apply | ||
</pre> | </pre> | ||
= Check IONOS firewall allows the port = | == Check IONOS firewall allows the port == | ||
=== Need more help? === | === Need more help? === | ||
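Review bot: `== Check IONOS firewall allows the port ==` is a heading with nothing under it, followed directly by `=== Need more help? ===`. Either make it a plain list item in the troubleshooting steps or put the firewall check under it (the "Configure IONOS firewall" steps from the Raspberry Pi example would fit), and bring its level in line with the other steps.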
Latest revision as of 13:44, 1 January 2026
What Changed?
The SSH port forwarding system has been refactored from hardcoded iptables rules to a flexible, configuration-driven system. This makes it easy to add SSH access to multiple devices on your VPN.
Before
- Hardcoded iptables rules in /etc/iptables/rules.v4
- Manual rule management
- Difficult to add new devices
After
- Configuration file: /etc/ssh-port-forwards.conf
- Management script: ssh-forward (or ssh-port-forward-manager.sh)
- Easy to add/remove devices
- Automatic rule application
Your Existing Setup
Your Synology NAS SSH forward has been migrated automatically:
- Device: synology
- External Port: 22222
- VPN IP: 10.8.0.2
- SSH Port: 22
- Access: ssh -p 22222 user@87.106.61.62
No changes needed - everything continues to work as before!
Adding a New Device
Example: Add a Raspberry Pi
Verify the device is on VPN:
<pre class="lang-bash">
# Check if device is connected
cat /etc/openvpn/server/ipp.txt
ping -c 2 10.8.0.3  # Replace with your device's VPN IP
</pre>
Add the port forward:
<pre class="lang-bash">
sudo ssh-forward add raspberrypi 22223 10.8.0.3 22
</pre>
Verify it's active:
<pre class="lang-bash">
sudo ssh-forward list
</pre>
Test from external location:
<pre class="lang-bash">
ssh -p 22223 user@87.106.61.62
</pre>
Configure IONOS firewall:
- Log in to https://dcd.ionos.com/
- Navigate to: Server & Cloud → Servers → [Your VPS] → Firewall
- Add rule: TCP port 22223 → Allow
Common Commands
<pre class="lang-bash">
# List all SSH port forwards
sudo ssh-forward list

# Add a new device
sudo ssh-forward add <name> <external_port> <vpn_ip> [ssh_port]

# Remove a device
sudo ssh-forward remove <name>

# Reapply all forwards (after manual config edit)
sudo ssh-forward apply
</pre>
Port Recommendations
- 22222-22299: Reserved for SSH port forwards
- 22222: Synology NAS (already in use)
- 22223+: Available for new devices
Configuration File
Location: /etc/ssh-port-forwards.conf
Format:
<pre>
device_name:external_port:vpn_ip:ssh_port
</pre>
Example:
<pre>
synology:22222:10.8.0.2:22
raspberrypi:22223:10.8.0.3:22
</pre>
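Each line in this file exposes a VPN device's SSH port on the public address, so it is worth linting the file after a manual edit and before `sudo ssh-forward apply`. The following is an added example, not part of the original page or of ssh-forward; the function name `check_forwards`, the 10.8.0.0/24 subnet (inferred from the sample IPs) and the skipping of blank and `#` lines are assumptions.

```shell
#!/bin/sh
# Added example, not part of ssh-forward: lint a forwards file before
# running `sudo ssh-forward apply`.
# Assumptions: VPN hosts are in 10.8.0.0/24 (inferred from the page's sample
# IPs); blank lines and lines starting with '#' are skipped.

# check_forwards FILE: print one finding per problem; return 1 if any.
check_forwards() {
    awk -F: '
    function bad(msg) { printf "line %d: %s\n", NR, msg; rc = 1 }
    /^[ \t]*$/ || /^[ \t]*#/ { next }
    NF != 4 { bad("expected device_name:external_port:vpn_ip:ssh_port"); next }
    {
        if ($1 !~ /^[A-Za-z0-9_-]+$/) bad("invalid device name: " $1)
        else if ($1 in names) bad("duplicate device name: " $1)
        else names[$1] = NR
        # Each external port is an Internet-facing listener: keep it in the
        # reserved range and never map one port to two devices.
        p = $2 + 0
        if ($2 !~ /^[0-9]+$/ || p < 22222 || p > 22299)
            bad("external port outside reserved range 22222-22299: " $2)
        else if (p in ports)
            bad("external port " p " already used on line " ports[p])
        else ports[p] = NR
        # The forward target must be a VPN host, not an arbitrary address.
        n = split($3, o, /\./)
        if (n != 4 || o[1] != "10" || o[2] != "8" || o[3] != "0" ||
            o[4] !~ /^[0-9]+$/ || o[4] + 0 < 1 || o[4] + 0 > 254)
            bad("vpn_ip is not a host in 10.8.0.0/24: " $3)
        if ($4 !~ /^[0-9]+$/ || $4 + 0 < 1 || $4 + 0 > 65535)
            bad("invalid ssh_port: " $4)
    }
    END { exit rc + 0 }
    ' "$1"
}

# Constructed sample: the page's two entries plus three deliberate mistakes.
sample=$(mktemp)
cat >"$sample" <<'EOF'
synology:22222:10.8.0.2:22
raspberrypi:22223:10.8.0.3:22
camera:22223:10.8.0.4:22
printer:8022:10.8.0.5:22
laptop:22224:192.168.1.10:22
EOF
check_forwards "$sample" || echo "Fix the findings above before applying."
rm -f "$sample"
```

Run it against the real file with `check_forwards /etc/ssh-port-forwards.conf`; a non-zero exit status means at least one line needs fixing.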
Troubleshooting
Port forward not working?
Check device is on VPN:
<pre class="lang-bash">
ping -c 2 <vpn_ip>
</pre>
Verify rules exist:
<pre class="lang-bash">
sudo ssh-forward list
sudo iptables -t nat -L PREROUTING -n | grep <external_port>
</pre>
Reapply rules:
<pre class="lang-bash">
sudo ssh-forward apply
</pre>
Check IONOS firewall allows the port
Need more help?
See the complete documentation: [SSH Port Forwarding Management](index.md)
Quick Reference: ssh-forward or /usr/local/bin/ssh-port-forward-manager.sh