I have a NAS in my living room with a bunch of services like GitLab, NextCloud, my personal website etc. running on it. All these services are reachable via a reverse SSH tunnel between my NAS and my Ionos VPS, which has a public IP address and runs the reverse proxy for my domain. This works fine. However, I cannot for the life of me get a regular remote SSH connection from my terminal to the NAS to be established, which means I have to SSH into the VPS first and then SSH into the NAS from there, and can only use GitLab via HTTPS, not SSH. Maybe someone here has an idea.

Here's my setup:
NAS (main user malik):
autossh unit:

    [Unit]
    Description=Reverse SSH Tunnel to VPS
    After=network-online.target
    Wants=network-online.target

    [Service]
    User=malik
    Environment=HOME=/home/malik
    ExecStart=/usr/bin/autossh -M 0 -N \
        -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" \
        -i /home/malik/.ssh/vps_autossh \
        -R 8080:localhost:80 \
        -R 8443:localhost:443 \
        -R 3001:localhost:3001 \
        -R 8001:localhost:8000 \
        -R 8099:localhost:8099 \
        -R 8022:localhost:8022 \
        -R 2222:localhost:2222 \
        [email protected]
    Restart=always
    RestartSec=10

    [Install]
    WantedBy=multi-user.target

SSHD config:

    Include /etc/ssh/sshd_config.d/*.conf
    AuthorizedKeysFile .ssh/authorized_keys
    Subsystem sftp /usr/lib/ssh/sftp-server

VPS:

Main user root for admin and restricted user tunneluser for reverse tunnels

SSHD config:

    Include /etc/ssh/sshd_config.d/*.conf
    KbdInteractiveAuthentication no
    UsePAM yes
    AcceptEnv LANG LC_*
    Subsystem sftp /usr/lib/openssh/sftp-server
    ClientAliveInterval 120
    PermitRootLogin yes

    Match User tunneluser
        PasswordAuthentication no
        AllowTcpForwarding yes
        GatewayPorts yes

I use 8022 for GitLab SSH and 2222 for my main NAS user. It looks like everything is working:

    root@my-vps:~# sudo netstat -tulnp | grep 8022
    tcp        0      0 0.0.0.0:8022            0.0.0.0:*               LISTEN      3546/sshd: tunnelus
    tcp6       0      0 :::8022                 :::*                    LISTEN      3546/sshd: tunnelus
    root@my-vps:~# sudo netstat -tulnp | grep 2222
    tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN      3627/sshd: tunnelus
    tcp6       0      0 :::2222                 :::*                    LISTEN      3627/sshd: tunnelus

When I try to connect from my laptop I get a network unreachable error:

    ssh -p 2222 [email protected]
    ssh -p 8022 [email protected]
    telnet 212.227.63.142 2222
    telnet 212.227.63.142 8022

What am I doing wrong?

1 Answer

Found the solution. It's something Ionos does for added security. You have to manually allow this in the firewall tab on your VPS panel on the Ionos website. This is separate from your own firewall/iptables config.

  • Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center. Commented Jul 31 at 14:53
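
The situation in this thread (the VPS shows the forwarded ports listening on 0.0.0.0, yet the client cannot connect) can be narrowed down by combining the server-side bind address with the result of a client-side connect. The Python below is an added example, not code from the question or the answer; the function names, the sample netstat text and its 127.0.0.1:3001 line are constructed for illustration.

```python
import errno
import socket

# Constructed sample in the format of the question's `netstat -tulnp` output;
# the 127.0.0.1:3001 line is added to show the loopback-only case.
SAMPLE_NETSTAT = """\
tcp   0   0 0.0.0.0:8022     0.0.0.0:*   LISTEN   3546/sshd: tunnelus
tcp6  0   0 :::8022          :::*        LISTEN   3546/sshd: tunnelus
tcp   0   0 0.0.0.0:2222     0.0.0.0:*   LISTEN   3627/sshd: tunnelus
tcp   0   0 127.0.0.1:3001   0.0.0.0:*   LISTEN   3627/sshd: tunnelus
"""

def listeners(netstat_text):
    """Map port -> set of local bind addresses for sockets in LISTEN state."""
    binds = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[5] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # also splits ":::8022"
        binds.setdefault(int(port), set()).add(addr)
    return binds

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt made from the client side."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"
        return "error"

def diagnose(binds, port, probe_result):
    """Combine the VPS bind state with the client-side probe result."""
    addrs = binds.get(port, set())
    if not addrs:
        return "no listener: tunnel is down or the -R forward failed"
    if addrs <= {"127.0.0.1", "::1"}:
        return "loopback-only bind: check GatewayPorts for the tunnel user"
    if probe_result == "open":
        return "reachable"
    return ("public listener but client got '%s': check filtering in front "
            "of sshd (host firewall, provider firewall)" % probe_result)
```

Run `listeners()` on netstat output captured on the VPS and `probe()` from the client; a public listener combined with a failed probe points at a filter in front of sshd, which is the case the answer describes.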