Self-Hosted Main

515 readers

1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

Service: Dropbox - Alternative: Nextcloud
Service: Google Reader - Alternative: Tiny Tiny RSS
Service: Blogger - Alternative: WordPress

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

Awesome-Selfhosted List of Software
Awesome-Sysadmin List of Software

founded 1 year ago

MODERATORS

[email protected]

ssh and port forwading guide (alien.top)

submitted 11 months ago by [email protected] to c/[email protected]

5 comments fedilink hide all child comments

is there any guide that shows how to get port forwading and ssh setup since i look anywhere and it seems to just be applicable to a specific setup such as nginx etc

my problem is that i can't port forward to my setup using ssh as it would timed out

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 11 months ago (1 children)

Not a router I know so I can only give general advice.

You need to find out if your ISP allows incoming connections on port 22

You will need to find out if you are on CGNAT or equivalent for your internet connection - look at the external IP address of your kit.

You will need to set your Pi up to have a fixed IP address internally (based done on the router / DHCP server rather than on the PI)

Get fail2ban and ssh keys working first (I would also look to add UFW - do it with a keyboard and screen set up just incase you lock down port 22 in error).

Then you will need to find your router manual and look at that for port forwarding, It can be called a few things:

Application / web services
Port Forwarding
NAT forwarding
Incoming Port Triggering

Avoid anything that is setting up DMZ - you only want to to open one port to the Pi and keep it on your network.

Normally port forwarding will need to know the source and destination port (port 22 in both cases for SSH by default) and the internal IP address or destination (the PI) - some routers will need the MAC address of the PI instead of the IP address. You can normally find this from the router / DHCP server or from the Pi using ip a and looking for the MAC details. Some folk will recommend moving ssh from port 22 - two minds over this as a port scan will show the new port up BUT you do stop the stupid attacks that try to brute force 22 using pi / raspberry

Testing is best done with a different network - use your mobile or a different house as lots of routers do not allow a loop back (hair pinning) into the same network as your originate the connection.

If you find yourself on CGNAT or not able to open port 22 then there are a few things you can look at:

Zeroteir or Tailscale have a free offering for a VPN that originates inside your network so no ports need to be open
Cloudflare tunnels allow web (HTTP / HTTPS) and ssh tunnels to be set up

All of these require a small client program to be running on the Pi or other machine.

[–] [email protected] 1 points 11 months ago

turns out i'm behind a cgnat so that's why i can't port forward so in the end i setup tailscale to bypass it thanks a lot for the info