SSH Port Forwarding:Management

From jb-vpn.uk Wiki
Revision as of 13:28, 1 January 2026 by Josh (talk | contribs) (Content added - troubleshooting guide: SSH Port Forwarding Management (11 sections))

SSH Port Forwarding Management

This document describes how to manage SSH port forwards.

Management Script Usage

The management script is available at /usr/local/bin/ssh-port-forward-manager.sh or via the alias ssh-forward.

List All Port Forwards

sudo ssh-port-forward-manager.sh list
# or
sudo ssh-forward list

This displays all configured port forwards with their status (Active/Inactive).

Add a New Port Forward

sudo ssh-port-forward-manager.sh add <name> <external_port> <vpn_ip> [ssh_port] 

Example:

# Add SSH forward for a Raspberry Pi at 10.8.0.3 on external port 22223
sudo ssh-forward add raspberrypi 22223 10.8.0.3 22

# Add SSH forward for a server using non-standard SSH port
sudo ssh-forward add server 22224 10.8.0.4 2222

Parameters:

  • name: Unique name for the device
  • external_port: Port on VPS (must not be in use)
  • vpn_ip: Device's VPN IP address
  • ssh_port: SSH port on device (optional, defaults to 22)

Remove a Port Forward

sudo ssh-port-forward-manager.sh remove <name>

Example:

sudo ssh-forward remove raspberrypi

This removes the port forward from both the configuration file and iptables rules.

Apply All Port Forwards

sudo ssh-port-forward-manager.sh apply

This reads the configuration file and applies all port forwards. Useful after:

  • Manual edits to the configuration file
  • System reboot (automatically done by iptables-restore.sh)
  • VPN restart

Save Current Rules

sudo ssh-port-forward-manager.sh save

Saves current iptables rules to /etc/iptables/rules.v4 for persistence.

Adding a New Device

Prerequisites

Device must be connected to the OpenVPN VPN

  * Device should have a .ovpn configuration file
  * Device should be connected and have a VPN IP address
  * Verify connection: ping <VPN_IP> from VPS

Device must have SSH enabled

  * SSH service should be running on the device
  * SSH should be accessible from the VPN network

Choose an external port

  * Must not conflict with existing services
  * Recommended range: 22222-22299 for SSH forwards
  * Check availability: sudo ssh-forward list
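
A pre-flight check for the parameters and prerequisites above, as an added example that is not part of ssh-port-forward-manager.sh. It assumes the VPN pool is 10.8.0.0/24 (taken from the page's sample addresses) and a conservative character set for names; check_forward and the other helper names are hypothetical, and the recommended port range is treated as a hard limit here.

```sh
#!/bin/sh
# Added example, not part of ssh-port-forward-manager.sh.
# Assumptions: VPN pool 10.8.0.0/24 (from the page's sample IPs), the name
# character set, and all helper/function names.
VPN_PREFIX="10.8.0."
RANGE_LO=22222 RANGE_HI=22299   # range recommended on this page

is_port() {  # true if $1 is an integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_vpn_ip() {  # true if $1 is VPN_PREFIX plus a host octet 1..254
    case "$1" in "$VPN_PREFIX"*) ;; *) return 1 ;; esac
    host=${1#"$VPN_PREFIX"}
    case "$host" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#host}" -le 3 ] && [ "$host" -ge 1 ] && [ "$host" -le 254 ]
}

# Local TCP listeners, one port per line. Existing forwards are iptables
# rules, not sockets, so they never show here: still run `ssh-forward list`.
# LISTENING_PORTS (space-separated) overrides ss, e.g. for a constructed test.
listening_ports() {
    if [ -n "${LISTENING_PORTS+x}" ]; then
        printf '%s\n' $LISTENING_PORTS
    else
        ss -Htln | awk '{n=split($4,a,":"); print a[n]}'
    fi
}

# check_forward <name> <external_port> <vpn_ip> [ssh_port]
# Prints the first problem and returns non-zero; prints "ok" and returns 0.
check_forward() {
    name=$1 ext=$2 ip=$3 sshp=${4:-22}
    case "$name" in ''|*[!A-Za-z0-9_-]*) echo "bad name"; return 2 ;; esac
    is_port "$ext"  || { echo "bad external_port"; return 3; }
    is_port "$sshp" || { echo "bad ssh_port"; return 3; }
    is_vpn_ip "$ip" || { echo "vpn_ip not in ${VPN_PREFIX}0/24"; return 4; }
    if [ "$ext" -lt "$RANGE_LO" ] || [ "$ext" -gt "$RANGE_HI" ]; then
        echo "external_port outside $RANGE_LO-$RANGE_HI"; return 5
    fi
    if listening_ports | grep -qx "$ext"; then
        echo "external_port has a local listener"; return 6
    fi
    echo "ok"
}

if [ "$#" -ge 3 ]; then check_forward "$@"; fi
```

Saved under a file name of your choice, it takes the same arguments as ssh-forward add and exits non-zero on the first failed check.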

Step-by-Step Guide

Verify device is on VPN:

   # Check VPN connection
   grep <device_name> /etc/openvpn/server/ipp.txt
   
   # Ping device
   ping -c 2 <VPN_IP>

Test direct SSH connection:

   # From VPS, test SSH to device via VPN
   ssh -o ConnectTimeout=5 user@<VPN_IP>

Add the port forward:

   sudo ssh-forward add <device_name> <external_port> <VPN_IP> [ssh_port]

Verify the forward:

   # List all forwards
   sudo ssh-forward list
   
   # Test from external location
   ssh -p <external_port> user@<VPS_PUBLIC_IP>

Configure IONOS firewall (if applicable):

  * Log in to IONOS Cloud Panel: https://dcd.ionos.com/
  * Navigate to: Server & Cloud → Servers → [Your VPS] → Firewall
  * Add rule: TCP port <external_port> → Allow
  * Set appropriate priority

Example: Adding a Raspberry Pi

# 1. Verify Raspberry Pi is on VPN (assume it gets 10.8.0.3)
ping -c 2 10.8.0.3

# 2. Test direct SSH (using root for Cursor compatibility)
ssh root@10.8.0.3

# 3. Add port forward
sudo ssh-forward add raspberrypi 22223 10.8.0.3 22

# 4. Verify
sudo ssh-forward list

# 5. Test from external location
ssh -p 22223 root@87.106.61.62

  • [[Documentation:Overview|Overview]] - System architecture
  • [Configuration](configuration.md) - Configuration file format
  • [Best Practices](best-practices.md) - Security and best practices