Dear all,
I need your help. I have an Ubuntu server used as an SFTP server.
The service is open locally in the LAN using the standard 22 TCP port.
As I need to open the SFTP over Internet, I configured Port Sharing in my internet box, which is a Fritzbox for home.
Everything works fine. However, I would like to restrict access to the service to identified trusted IPs.
I don't see anything which allows such activities in my internet box. Indeed, I can only select the internal machine I wish to open on the internet, by saying what the internal port is and what port is wished on the internet.
So I have a question: by default on my Internet box all connections are denied, except when I open a specific port.
Can I configure my Ubuntu server to manage incoming IP restriction?
If yes, could you explain to me how?
Supposing my Internet IP address is 75.200.123.25, how can I configure my Ubuntu?
I'm pretty sure such a way is not possible, but my networking courses are far away.
Thanks in advance,
Regards
You should be able to restrict to the given IP with an access control list, if Fritzbox allows that. I did not see that in a brief search, but did find this page for setting up the port sharing:
https://en.avm.de/service/knowledge-base/dok/FRITZ-Box-7590/1376_Setting-up-MyFRITZ-sharings/
Use the access control list, if available, as it will be the best security for you. An open port is always more risky if any address can reach it, even if it is an open port in an unusual part of the port range.
Thanks Dean,
Port sharing is already configured on the Fritzbox 7530 AX. However, the box doesn't offer the capability to filter by incoming IP as far as I can see in the interface and the manual. But I'm not familiar with this kind of box.
Is there an ability to do that with the ISP router?
Finally done!
The real IP address is shown on the server side, so I can configure the sshd_config accordingly.
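
For readers looking for the resulting configuration, here is one way to restrict logins by source address in sshd_config. This is an added example and not part of the posts above; the account name `sftpuser` and the LAN range `192.168.178.0/24` are assumptions, and the public address is the one given in the question.

```conf
# /etc/ssh/sshd_config
# Added example: "sftpuser" and the LAN range are assumptions, adjust to your setup.
#
# AllowUsers is an allow list: once it is present, every account or source
# address that is not matched below is refused, so list each login you still need.
# The HOST part of USER@HOST accepts a single address, a wildcard or CIDR notation.

# Internet access: only from the trusted public address given in the question.
# LAN access: from the local subnet (assumed range).
AllowUsers sftpuser@75.200.123.25 sftpuser@192.168.178.0/24

# After editing:
#   sudo sshd -t                  # syntax check; prints nothing when the file is valid
#   sudo systemctl restart ssh    # apply the change; established sessions stay up
# Keep an existing session open until a new login from an allowed address succeeds.
```

The forwarded port on the router still accepts connections from any address; sshd refuses authentication from sources that are not listed, which appears as failed logins in the server's auth log.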