I would like to change the ssh port for a similar reason as @LayLow but I have a problem.
NS8 is running Rocky Linux 9.6, and @davidep's firewall commands don't work: if I remove TCP port 22 from the ssh service and reload the firewall settings, then I can't ssh on TCP port 2222 or on TCP port 22 (the latter makes sense).
If I disable port forwarding, remove TCP port 2222 from the ssh service and add TCP port 22 again, then reload the firewall settings, I can still log in on both ports.
I checked but I couldn’t find a /etc/ssh/sshd_config.d/10-ports.conf file either.
@mrmarkuz Of course, I did it according to the documentation.
Sorry, but I don’t understand what you mean. The ssh firewall reset was successful, I reloaded the firewall settings, and later restarted the NS8 server, but I can still log in with ssh on TCP 22 and TCP 2222 ports.
Here is the output of the firewall-cmd --list-all command:
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: dummy0 eth0
  sources:
  services: http https mail1 ns-wireguard samba3 ssh wg-easy1
  ports: 8080/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
Here is the output of the firewall-cmd --info-service ssh command:
Yes, that’s right. I can’t reproduce. With that configuration I can’t reach SSH on port 2222 anymore, just on port 22.
Did you reload the firewall correctly?
firewall-cmd --reload
Is there maybe another firewall that does port forwarding? Maybe it works because you’re connected via VPN?
I meant that if you set up the port forward to use SSH on port 2222, you can still log in locally on port 22. You should test it from another machine and not locally.
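As an added example that is not part of this thread or of NS8's own tooling: a small POSIX sh helper that reads firewall-cmd --list-all output and reports two things that matter here, whether 22/tcp is still opened directly by the zone (via the ssh service or an explicit 22/tcp port entry) and whether a forward-port entry to the chosen alternate port exists. The SAMPLE_ZONE text is constructed from the output posted above (ssh is still in the services list and forward-ports is empty); EXPECTED_ZONE is a constructed example of what a zone looks like after the ssh service is removed and a 2222 -> 22 forward is added. Function names, the probe_ssh_port helper and its use of nc are assumptions of this example, not commands from the documentation.

```shell
#!/bin/sh
# Added example: audit a firewalld zone dump for SSH exposure.
# Constructed from the output posted in the thread (not live data).
SAMPLE_ZONE='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: dummy0 eth0
  sources:
  services: http https mail1 ns-wireguard samba3 ssh wg-easy1
  ports: 8080/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

# Constructed example of a zone after the documented change:
# ssh service removed, explicit forward from 2222/tcp to 22.
EXPECTED_ZONE='public (active)
  target: default
  services: http https mail1 ns-wireguard samba3 wg-easy1
  ports: 8080/tcp
  forward: yes
  forward-ports:
        port=2222:proto=tcp:toport=22:toaddr=
  rich rules:'

# zone_field NAME: print the value after "NAME:" from stdin (empty if unset).
# The anchored pattern keeps "ports:" from matching "forward-ports:".
zone_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p"
}

# ssh_service_enabled ZONE_TEXT: succeeds if "ssh" is in the services list.
ssh_service_enabled() {
    printf '%s\n' "$1" | zone_field services | tr ' ' '\n' | grep -qx ssh
}

# ssh_direct_port_open ZONE_TEXT: succeeds if 22/tcp is reachable without
# any forward, either through the ssh service or an explicit 22/tcp entry.
ssh_direct_port_open() {
    ssh_service_enabled "$1" && return 0
    printf '%s\n' "$1" | zone_field ports | tr ' ' '\n' | grep -qx '22/tcp'
}

# ssh_forward_present ZONE_TEXT PORT: succeeds if firewalld forwards
# PORT/tcp to 22 in this zone (entry format as printed by firewall-cmd).
ssh_forward_present() {
    printf '%s\n' "$1" | grep -qF "port=$2:proto=tcp:toport=22"
}

# audit_ssh_zone ZONE_TEXT [ALT_PORT]: human-readable verdict.
audit_ssh_zone() {
    zone=$1
    alt=${2:-2222}
    if ssh_direct_port_open "$zone"; then
        echo "22/tcp is opened directly by the zone: SSH on 22 stays reachable"
    else
        echo "22/tcp is not opened directly by the zone"
    fi
    if ssh_forward_present "$zone" "$alt"; then
        echo "forward-port $alt/tcp -> 22 is present"
    else
        echo "no forward-port entry for $alt/tcp: firewalld is not answering on $alt here"
    fi
}

# probe_ssh_port HOST PORT: connectivity check to run from ANOTHER machine,
# since local logins bypass the forward. Assumes nc supports -z and -w.
probe_ssh_port() {
    nc -z -w 3 "$1" "$2" && echo "$1:$2 open" || echo "$1:$2 closed/filtered"
}

echo "== zone as posted =="
audit_ssh_zone "$SAMPLE_ZONE" 2222
echo "== zone after the documented change =="
audit_ssh_zone "$EXPECTED_ZONE" 2222
```

On a live host the same checks run as `firewall-cmd --list-all` piped into a variable, e.g. `zone=$(firewall-cmd --list-all); audit_ssh_zone "$zone" 2222`, and the reachability probe is run from a second machine against the server's address so that the result reflects what firewalld actually exposes rather than a local socket.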
There is no other firewall. I am not trying to connect via VPN.
The same is true for public IP addresses or domain names: you can also log in from the internet with ssh on TCP ports 22 and 2222.
This is an NS8 running on Proxmox that I installed with the ns8-rocky-qcow2 image earlier. I've had several problems with it; sometimes it doesn't work as it should.
Unfortunately, I can’t reinstall it right now. In the meantime, I see that there are a lot of updates for the operating system, I’ll run them to see if that helps.
I checked the documentation several times and knowing the firewall commands I don’t think I made a mistake, but I can’t completely rule it out. Of course, it would help a lot if someone else looked at what I did because more eyes see more…
Over the past week, I’ve been running Crowdsec to see what’s happening to the server on the internet.
Today, for the first time since I set it up, I received a notification from Crowdsec that it had prevented 4.33k attacks in the past week. Since only http and https are currently allowed on the router, the report affects them. I’m attaching a picture of it.