Ubuntu Salt box SSH

I want to connect to an Ubuntu machine on my network from the outside. What should I do in my router?

In order to connect to an Ubuntu machine on your network from the outside, you will need to configure:

  1. port forwarding on your router. This will allow incoming traffic from the outside to be directed to the Ubuntu machine. You will need to specify the port number that you want to forward, as well as the IP address of the Ubuntu machine. You can usually find the port forwarding settings in the router's web interface.
  2. firewall on your router.
  3. ssh listening on the chosen port on the server.
  4. firewall on the server.

IMPORTANT: note that it is possible to use IPv6 instead of paying for a static IPv4 address.

1. Port Forwarding

If you are using Salt, connect to the router at http://salt.box. Then log in using admin and <gui password in back of box>. Select Expert mode, go to the Network Settings > Port Forwarding tab, and at the bottom of the page find Add Rules Manually.

The router has these config options:

  Name of the personalised service Service: SSH to my machine
  External host: EHHH
  Internal host: IHHH
  Connection: Fixed Connection
  Protocol: TCP
  External Port: EPPP
  Internal Port: IPPP

What should I put in EHHH and IHHH and EPPP and IPPP in order to connect to it using: username@<my_public_ip> -p 2222

For EHHH, you should put the public IP address of the device you are connecting from (leave empty if you want to allow any device). For IHHH, you should put the private IP address of the Ubuntu machine. For EPPP, you should put the port number specified in the username@<my_public_ip> command (in this case, 2222). For IPPP, you should also put the port number specified in the username@<my_public_ip> command (in this case, 2222).

2. Firewall on router

Go to the Network Settings > Firewall tab, then the Custom subtab, and add a new rule.

  Custom Name: SSH - to my machine
  Service Name: Other
  Local IP: LIII
  Local Port: LPPP
  Action: Accept both ways
  Protocol: TCP
  Remote IP: EHHH
  Remote Port: RPPP

For EHHH, you should put the public IP address of the device you are connecting from (leave empty if you want to allow any device). For LIII, you should put the private IP address of the Ubuntu machine. For LPPP, you should put the port number specified in the <username>@<my_public_ip> command (in this case, 2222). For RPPP, you should also put the port number specified in the <username>@<my_public_ip> command (in this case, 2222).

3. Listening to proper port on server

I set the values you provided, but does not let me connect specifying the port 2222, what could be wrong? Fyi I can connect on standard port 22 (I've added a rule for it).

If the port forwarding and firewall rules are configured correctly, then it is possible that the Ubuntu machine is not allowing incoming connections on port 2222. You can check this by running the command:

netstat -an

on the Ubuntu machine and looking for a line that says:

tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN

If this line is not present, then the Ubuntu machine is not listening on port 2222. Uncomment # Port 22 and change it to Port 2222:

sudo vim /etc/ssh/sshd_config
# Port 22
Port 2222
:wq
sudo systemctl restart ssh

4. Firewall allowing port on server

If the line is present, then it is possible that the Ubuntu machine is blocking incoming connections on port 2222. You can check this by running the command:

sudo iptables -L -n | grep 2222

on the Ubuntu machine and looking for a line that says

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222

If this line is not present, then the Ubuntu machine is blocking incoming connections on port 2222.

The line is not present.

If the line is not present, then you will need to add a rule to the Ubuntu machine's firewall to allow incoming connections on port 2222. You can do this by running the command:

sudo iptables -A INPUT -p tcp --dport 2222 -j ACCEPT

Once this rule is added, you should be able to connect to the Ubuntu machine on port 2222.

Should I use iptables or ufw?

It is up to you which tool you use to configure the firewall on the Ubuntu machine. Both iptables and ufw are valid options.

Are they configuring the same service underneath?

Yes, both iptables and ufw are configuring the same underlying service. The main difference between the two is the syntax used to configure the firewall rules.

Can you give me the rule for ufw?

The command to add a rule to the Ubuntu machine's firewall to allow incoming connections on port 2222 using ufw is:

sudo ufw allow 2222/tcp
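
The server-side checks from steps 3 and 4, combined into one script as an added example that is not part of the original page. The function names are hypothetical and every sample output is constructed. It goes slightly beyond the grep in step 4 by also reading the INPUT chain policy, since a missing ACCEPT line only means "blocked" when the policy is not ACCEPT.

```sh
#!/bin/sh
# Added example: all sample text below is constructed, not captured output.

# Ports sshd will bind: uncommented "Port N" lines on stdin, else the default 22.
sshd_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }'
}

# True if `netstat -an` output on stdin shows a TCP LISTEN socket on port $1.
is_listening() {
    awk -v p="$1" '$1 ~ /^tcp/ && $NF == "LISTEN" {
             n = split($4, a, ":"); if (a[n] == p) found = 1 }
         END { exit !found }'
}

# True if `iptables -L -n` output on stdin lets TCP port $1 in. Heuristic: the
# first rule naming dpt:$1 decides; otherwise the INPUT chain policy decides.
fw_allows() {
    awk -v p="$1" '
        $1 == "Chain" && $2 == "INPUT" { policy = $4; sub(/\)$/, "", policy) }
        !verdict && $1 ~ /^(ACCEPT|DROP|REJECT)$/ && ($2 == "tcp" || $2 == "6") {
            for (i = 3; i <= NF; i++) if ($i == ("dpt:" p)) verdict = $1 }
        END { if (!verdict) verdict = policy; exit (verdict != "ACCEPT") }'
}

# Name the first failing layer.
# Args: PORT, sshd_config text, netstat text, iptables text.
diagnose() {
    printf '%s\n' "$2" | sshd_ports | grep -qx "$1" ||
        { echo "sshd not configured for port $1"; return 0; }
    printf '%s\n' "$3" | is_listening "$1" ||
        { echo "nothing listening on port $1"; return 0; }
    printf '%s\n' "$4" | fw_allows "$1" ||
        { echo "host firewall blocks port $1"; return 0; }
    echo "server side ok for port $1"
}

SSHD_SAMPLE='# Port 22
Port 2222'
NETSTAT_SAMPLE='tcp   0   0 0.0.0.0:2222        0.0.0.0:*          LISTEN
tcp   0   0 192.168.1.20:2222   203.0.113.7:51514  ESTABLISHED'
FW_BEFORE='Chain INPUT (policy DROP)
target     prot opt source       destination
ACCEPT     tcp  --  0.0.0.0/0    0.0.0.0/0    tcp dpt:22'
FW_AFTER="$FW_BEFORE
ACCEPT     tcp  --  0.0.0.0/0    0.0.0.0/0    tcp dpt:2222"

diagnose 2222 "$SSHD_SAMPLE" "$NETSTAT_SAMPLE" "$FW_BEFORE"
diagnose 2222 "$SSHD_SAMPLE" "$NETSTAT_SAMPLE" "$FW_AFTER"
```

On a real machine, feed the functions live output instead of the samples, for example `sudo iptables -L -n | fw_allows 2222`.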