Debian 11 with ufw firewall is blocking zerotier

On a Debian 11 server in the cloud, with the ufw firewall opened for ssh, the zerotier ip can be used to get a connection with an ssh client from my laptop. When I block the ssh port, I cannot get a connection.

On the other hand, if I place an Asus router before the server with all the ports closed and the Debian 11 ufw firewall ssh port opened, I can still ssh into the server remotely using the zerotier ip, even though the Asus router firewall is blocking all incoming traffic.

What settings must be changed in the Debian 11 server ufw firewall to allow the zerotier ip to work but with the ssh port closed? And without the Asus router firewall in front of the server.

I was hoping to close all ports and only access the server using zerotier. Any suggestions?

Hello!

Since the firewall treats the ZT interface like any other network interface, you can just drop access to all protocols and interfaces but the ZeroTier interface itself (“zt7nniznus” or similar). Keep in mind that zerotier needs outbound access to work.

Use “ip link show” (or “ifconfig -a”) and check the firewall again. Btw, you don’t happen to use network namespaces (“ip netns”)?

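The interface-scoped rule set described in the reply above, as an added example (not part of the original thread and not ZeroTier's own tooling): the script reads `ip -o link show` output, picks out `zt*` interfaces, and prints the ufw commands for review instead of running them. Port 22, the constructed sample listing, and the assumption that the existing SSH rule was added as `ufw allow 22/tcp` belong to this example, not to the thread.

```shell
#!/bin/sh
# Added example: plan ufw rules that expose SSH only on ZeroTier interfaces.

# Constructed sample of `ip -o link show` output (trimmed). zt7nniznus is the
# example interface name from the thread; eth0 is a made-up public interface.
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
3: zt7nniznus: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2800 state UNKNOWN'

# Print ZeroTier interface names found in `ip -o link show` text on stdin.
# The strict pattern also keeps odd characters out of the generated commands.
zt_interfaces() {
    awk -F': ' '$2 ~ /^zt[a-z0-9]+$/ { print $2 }'
}

# Emit (do not execute) the ufw commands for SSH on port $1 (default 22).
# Reads `ip -o link show` text on stdin.
ufw_plan() {
    plan_port="${1:-22}"
    plan_ifaces="$(zt_interfaces)"
    if [ -z "$plan_ifaces" ]; then
        # Without a zt interface the plan would cut off SSH entirely.
        echo "no ZeroTier interface found; not emitting rules" >&2
        return 1
    fi
    echo "ufw default deny incoming"
    # ZeroTier needs outbound access to work, so outgoing stays open.
    echo "ufw default allow outgoing"
    for plan_iface in $plan_ifaces; do
        echo "ufw allow in on $plan_iface to any port $plan_port proto tcp"
    done
    # Assumption: the interface-independent rule was added as `ufw allow 22/tcp`.
    # It is removed last so the zt rule already exists when it goes away.
    echo "ufw delete allow $plan_port/tcp"
}

# Demo on the constructed sample. On the server itself, feed live data:
#   ip -o link show | ufw_plan 22
printf '%s\n' "$SAMPLE_LINKS" | ufw_plan 22
```

Review the printed commands, run them as root from a session that is already connected over the ZeroTier address, and confirm the result with `ufw status verbose`.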

Thank you very much for the advice. I will try it out.
I do not know what ip netns is. So I assume I am not using it.
I did run “ip netns” but nothing came up.

While experimenting, I found another way to get the ssh to only work with zerotier.
In sshd_config, set the ListenAddress to the zerotier address. Then restart sshd.

Seems to be working. Like you mentioned, the port has to be open.

Once again, thank you for the advice. It has been very helpful and time saving.


That’s even better, best regards!
