I have a NAS in my living room with a bunch of services like GitLab, NextCloud, my personal website, etc. running on it. All these services are reachable via a reverse SSH tunnel between my NAS and my Ionos VPS, which has a public IP address and runs the reverse proxy for my domain. This works fine. However, I cannot for the life of me get a regular remote SSH connection from my terminal to the NAS to be established, which means I have to SSH into the VPS first and then SSH into the NAS from there, and can only use GitLab via HTTPS, not SSH. Maybe someone here has an idea.

Here's my setup:
NAS (main user malik):
autossh unit:

[Unit]
Description=Reverse SSH Tunnel to VPS
After=network-online.target
Wants=network-online.target

[Service]
User=malik
Environment=HOME=/home/malik
ExecStart=/usr/bin/autossh -M 0 -N \
  -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" \
  -i /home/malik/.ssh/vps_autossh \
  -R 8080:localhost:80 \
  -R 8443:localhost:443 \
  -R 3001:localhost:3001 \
  -R 8001:localhost:8000 \
  -R 8099:localhost:8099 \
  -R 8022:localhost:8022 \
  -R 2222:localhost:2222\
  [email protected]
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target

SSHD config:

Include /etc/ssh/sshd_config.d/*.conf

AuthorizedKeysFile      .ssh/authorized_keys

Subsystem       sftp    /usr/lib/ssh/sftp-server

VPS:

Main user root for admin and restricted user tunneluser for reverse tunnels

SSHD config:

Include /etc/ssh/sshd_config.d/*.conf

KbdInteractiveAuthentication no

UsePAM yes

AcceptEnv LANG LC_*

Subsystem       sftp    /usr/lib/openssh/sftp-server

ClientAliveInterval 120
PermitRootLogin yes

Match User tunneluser
    PasswordAuthentication no
    AllowTcpForwarding yes
    GatewayPorts yes

I use 8022 for GitLab SSH and 2222 for my main NAS user. It looks like everything is working:

root@my-vps:~# sudo netstat -tulnp | grep 8022
tcp        0      0 0.0.0.0:8022            0.0.0.0:*               LISTEN      3546/sshd: tunnelus
tcp6       0      0 :::8022                 :::*                    LISTEN      3546/sshd: tunnelus
root@my-vps:~# sudo netstat -tulnp | grep 2222
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN      3627/sshd: tunnelus
tcp6       0      0 :::2222                 :::*                    LISTEN      3627/sshd: tunnelus

When I try to connect from my laptop I get a network unreachable error:

ssh -p 2222 [email protected]
ssh -p 8022 [email protected]
telnet 212.227.63.142 2222
telnet 212.227.63.142 8022

What am I doing wrong?

1 Answer

Found the solution. It's something Ionos does for added security. You have to manually allow this in the firewall tab on your VPS panel on the Ionos website. This is separate from your own firewall/iptables config.

    Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center. Commented Jul 31 at 14:53
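
An added example, not part of the original question or answer: a small probe that classifies a TCP connect attempt and compares the result seen on the VPS itself with the result seen from a remote client. That is the distinction the answer turns on, since netstat showed the forwards listening on 0.0.0.0 while the laptop still could not connect. The function names, verdict strings and the errno-to-cause mapping are assumptions of this example, and the mapping is a heuristic.

```python
import errno
import socket

# Heuristic mapping from connect() failure to where the packet most likely died.
_ERRNO_VERDICT = {
    errno.ECONNREFUSED: "refused",      # host answered with RST: no listener, or a REJECT rule
    errno.ENETUNREACH: "unreachable",   # no local route, or ICMP net-unreachable came back
    errno.EHOSTUNREACH: "unreachable",  # ICMP host-unreachable / admin-prohibited from a filter
    errno.ETIMEDOUT: "filtered",        # SYN silently dropped somewhere on the path
}


def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        return _ERRNO_VERDICT.get(exc.errno, "error")


def diagnose(on_vps, from_outside):
    """Combine the verdict obtained on the VPS with the one from a remote client."""
    if on_vps != "open":
        return "tunnel listener is not up on the VPS: check autossh and GatewayPorts"
    if from_outside == "open":
        return "forward is reachable end to end"
    if from_outside == "refused":
        return "packets reach the VPS but are rejected: check bind address and host firewall"
    # "filtered", "unreachable" or "error" while the listener itself is healthy
    return ("listener is up but packets never reach it: "
            "check the provider firewall panel, then host iptables/nftables")


if __name__ == "__main__":
    # Constructed inputs mirroring the question: forward listening on the VPS,
    # "network unreachable" from the laptop.
    print(diagnose("open", "unreachable"))
```

Run `probe("127.0.0.1", 2222)` on the VPS and `probe(<VPS public IP>, 2222)` from the client, then pass both verdicts to `diagnose`.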
