Zerotier on ispconfig

Discussion in 'ISPConfig 3 Priority Support' started by pvanthony, Apr 17, 2023.

  1. pvanthony

    pvanthony Active Member HowtoForge Supporter

    There is so much of attempts on ssh. Fail2ban is doing its best.
    Thought of using zerotier so that I can leave the ssh port blocked.
    Installed the zerotier-one on Debian 11 and zerotier got the private ip.
    Can ping but cannot ssh.
    If I open the ssh port, then I can ssh in.
    There is another Debian 11 server that is behind an Asus router with port forwarding to the ssh port.
    Installed zerotier-one, got the private ip. Left the ispconfig firewall open for ssh but closed the port-forwarding in the asus router.
    I can ssh into the server even when the asus router has blocked the port.
    How to change the firewall to make zerotier work when the server is in the datacenter connected directly to the internet?
    Any advice on zerotier?
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    You probably want to contact Zerotier support and ask them how to get their software to work, as that's not ISPConfig related. On Debian and Ubuntu, your firewall is likely UFW. So you must ask them how to get their software to work with UFW Firewall.
  3. pvanthony

    pvanthony Active Member HowtoForge Supporter

    You are correct. It is not actually a ispconfig thing.
    I will ask zerotier and report back.
    till likes this.
  4. pvanthony

    pvanthony Active Member HowtoForge Supporter

    Received this solution from another user at zerotier.
    While experinmenting got this to work. Seems to do the job without affecting ispconfig setup.
    Change the ListenAddress setting to the ip address of zerotier in sshd_config and restart sshd.
    Now ssh is not on the public ip. Only on the private ip of zerotier.
    Hope this helps others.
    Hopefully no more hackers trying to get in using ssh.
    till likes this.

Share This Page