Port Forward Debian

[Slacker1716 0]

Hello. I know there are topics of port foward but I am having trouble figuring this out. I have a VM I built with Debian 12. I have installed wireguard client on wg0 and generated the configuration for it. VPN works fine and I am able to do what I need with qBittorent it appears. I requested two ports for port forwarding though and I am trying to forward those ports to access the VM while connected to the VPN. Right now I have a console to access the server but I would like to come in either via ssh or VNC. I installed UFW on the server. It sits behind a NAT but my understanding here is I do not need to actually open any ports on the router since I am coming in through the VPN connection. 

Any guidance on what I need to do to access the server from the internet (over the VPN)? Again I have it is debian, UFW, Wireguard setup right now.


 

[OpenSourcerer 1363]

So, you've got a server on which a VM with qB is running. The server connects to AirVPN via Wireguard, and you use ufw on it.
You want to access the VM from wherever via SSH or VNC. Is this understanding correct?

If so, does the server as a whole need that VPN connection? You could connect the VM alone to AirVPN and safe yourself the trouble of setting up forwarding on the server.
 

3 hours ago, Slacker1716 said:

Any guidance on what I need to do to access the server from the internet (over the VPN)?

You'd need to forward packets coming on the wg0 interface to the VM interface. You can do that with iptables and nft, but I'm not sure ufw can be fed such directives.
 

3 hours ago, Slacker1716 said:

It sits behind a NAT but my understanding here is I do not need to actually open any ports on the router since I am coming in through the VPN connection. 

Correct.

[Slacker1716 0]

No the server as a whole does not need the VPN connection. I am open to suggestions. I can also use just iptables. My trouble is how do I set this up. I figured the port forward is the easiest way to set this up but am open to segmentation if you have a guide or suggestions on how that would work. Thanks for any help.

 

[OpenSourcerer 1363]

Just connect with the VM, then; it should solve the problem at its root.

[t5qxq6TS 0]

For ssh, edit /etc/ssh/sshd_config (take note of the 'd' in sshd_config, as /etc/ssh/ssh_config also exists, but isn't what you want).
Find the line with:

#Port 22

Change that to this (I'll use 55555 just as an example, change that to the port you have forwarded with AirVPN):

Port 55555

(Also take note of the deleted '#')

Restart ssh on the VM with:

sudo systemctl restart sshd

Find the exit IP address of the VPN your VM is connected to by going to https://airvpn.org/sessions/ & look for:

Exit IPv4:

To ssh to your VM (change username, IP address & port with your information):

ssh -p 55555 username@123.123.123.123

(-p specifies the port)

Edited ... by t5qxq6TS
Cleaned up syntax & added clarification

[OpenSourcerer 1363]

16 hours ago, t5qxq6TS said:

For ssh, edit /etc/ssh/sshd_config (take note of the 'd' in sshd_config, as /etc/ssh/ssh_config also exists, but isn't what you want).
Find the line with:

#Port 22

Change that to this (I'll use 55555 just as an example, change that to the port you have forwarded with AirVPN):

Port 55555

(Also take note of the deleted '#')

Restart ssh on the VM with:

sudo systemctl restart sshd

Find the exit IP address of the VPN your VM is connected to by going to https://airvpn.org/sessions/ & look for:

Exit IPv4:

To ssh to your VM (change username, IP address & port with your information):

ssh -p 55555 username@123.123.123.123

(-p specifies the port)

Note that this is superfluous. Forwarding a random port while entering local port 22 will accomplish this without reconfiguring sshd.