I recently leased an Ubuntu 22.04 VPS server from a data centre in France. My office PC that links to this server is in Ireland.
My mobile internet IP seems to be static, i.e. it is the same from day to day - at least recently, as I haven't been checking before this.
After doing the basics, e.g. establishing a new sudo user, updating the system, etc., I enabled ufw and established general access to port 80 and to port 22 but only from my own IP address, xxx.xxx.xxx.xxx/24.
The code went like this:
$ sudo ufw allow 80
$ sudo ufw allow from xxx.xxx.xxx.xxx/24 to any port 22 proto tcp
$ sudo ufw enable
Now after doing this, I exited the server and tried logging in from my home PC. I successfully logged in.
Today, I try to log in again but find my efforts blocked:
$ sudo ssh -p 22 myserver@xxx.www.yyy.zzz
ssh: connect to host xxx.www.yyy.zzz port 22: Connection timed out
A curl test shows no connection either:
$ curl -v telnet://xxx.www.yyy.zzz:22
* Trying xxx.www.yyy.zzz:22...
* connect to xxx.www.yyy.zzz port 22 failed: Connection timed out
* Failed to connect to xxx.www.yyy.zzz port 22 after 129791 ms: Connection timed out
* Closing connection 0
curl: (28) Failed to connect to xxx.www.yyy.zzz port 22 after 129791 ms: Connection timed out
What am I doing wrong here?
Surely if I coded it incorrectly, I would have been blocked on the login just afterwards rather than a day later . . .
I am wondering . . . must I explicitly allow ssh access on ufw before applying the restriction on calling IPs, e.g.
$ sudo ufw allow 80
$ sudo ufw allow ssh
$ sudo ufw allow from xxx.xxx.xxx.xxx/24 to any port 22 proto tcp
$ sudo ufw enable
EDIT
I acted on suggestions that my IP may be dynamic - although my IP seems to be the same over the last few days. I could have tried the IP address without the /24 subnet but I didn't want the hassle of reinstalling and reconfiguring the server all over again. So I just enabled ssh on ufw via
sudo ufw allow ssh
This allows ssh network connections and SFTP transfers - though without restriction on the IP of the client device. Ideally I'd like to restrict the IP access to my server to only 2 machines, my home workstation and some mobile device.
sudo ufw allow from xxx.xxx.xxx.xxx/24
try sudo ufw allow from xxx.xxx.xxx.xxx
- doesn't make sense to allow from your whole subnet unless you "own" it - is xxx.xxx.xxx.xxx a private IP address?
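
An added example, not part of the original post or its comments: a POSIX shell check of which client IPv4 addresses a source-restricted port 22 rule admits, and whether a broader rule has opened SSH to everyone. The `ufw status` text is constructed, and 203.0.113.0/24, the client addresses and the function names are assumptions standing in for the masked values.

```shell
#!/bin/sh
# Added example: which ufw rules let a given client IPv4 address reach 22/tcp?
# SAMPLE_STATUS is constructed text in the layout of non-verbose `sudo ufw status`;
# 203.0.113.0/24 and the client addresses are documentation-range placeholders.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
80                         ALLOW       Anywhere
22/tcp                     ALLOW       203.0.113.0/24
80 (v6)                    ALLOW       Anywhere (v6)'

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Succeeds if address $1 lies inside $2 (a.b.c.d or a.b.c.d/len).
ip_in_cidr() (
    net=${2%/*}
    len=32
    case $2 in */*) len=${2#*/} ;; esac
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
)

# Read ufw status text on stdin; print blocked, allowed or open-to-all for client $1.
ssh_verdict() (
    client=$1
    verdict=blocked
    while read -r to action from rest; do
        case $to in 22|22/tcp) ;; *) continue ;; esac
        [ "$action" = ALLOW ] || continue     # also skips "(v6)" rows
        case $from in
            Anywhere) verdict=open-to-all; break ;;
            *.*.*.*) if ip_in_cidr "$client" "$from"; then verdict=allowed; fi ;;
        esac
    done
    echo "$verdict"
)

for ip in 203.0.113.57 203.0.114.9; do
    printf '%s -> %s\n' "$ip" "$(printf '%s\n' "$SAMPLE_STATUS" | ssh_verdict "$ip")"
done
```

On a real host, pipe `sudo ufw status` into `ssh_verdict` with the client's current public address; rules added by application profile name rather than port number are not matched by this sketch.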