Connect to the VPS and initiate the port creation process.
Hi everyone. For reference, I’m running a simple Linode virtual private server with OpenVPN, Pihole, and Nginx as a reverse proxy. At home on Proxmox, I have an Ubuntu server with Linux, OpenVPN client, and Jellyfin installed. It works well for streaming, but sometimes I need to save data on my phone and connect to free public Wi-Fi. The issue is that public networks often block VPN connections, which is frustrating. My goal is to set up dynamic DNS so my phone always has a consistent domain name. This applies whether I’m using Wi-Fi or mobile data. On the VPS, I need to open a port—like TCP 433—and ensure only traffic from my phone’s domain can access it. I want to block all other connections. I’m considering tools like fail2ban for extra security, but I’d appreciate some helpful guidance. Thanks!
Configure a VPN server on the VPS, then employ a VPN client with certificate-based login on the mobile device. This offers the strongest protection available. Registering your phone with a domain name doesn’t add meaningful security benefits. I believe you’re referring to port 443 (HTTPS). That would let your phone connect to a web server on the VPS, but what follows? You could run SSH on port 443, enabling data tunneling that blends in with HTTPS traffic. However, it’s unlikely there’s an SSH client for the phone that supports this method, and most apps probably won’t use it or need the tunnel.
Usually a VPS receives a public IP address, which means there’s no need for port forwarding since NAT isn’t required. You can simply configure firewall rules as needed. Setting up a DDNS service on your phone isn’t advisable. Instead, use certificates or similar methods to restrict access to your devices only—this is simpler and more secure. You should be able to host a VPN on port 443, and many firewalls will check for HTTPS traffic on that port and block anything suspicious. It really depends on the firewall configuration.
VPN already configured and active on the VPS. Combined with pihole, it significantly reduces traffic, tracking, and ads for internet access from your phone. Public Wi-Fi often blocks this traffic, which seems suspicious. Registering a domain name isn’t too complex. I need to stop all traffic to port 433 on the VPS (except from the phone). This is what I’m trying to achieve. How is this accomplished? SSH supports any port you choose, and I’m considering using it with tunneling ports added.
Today's traffic mostly uses HTTPS, which means encryption is in place. This makes it hard to see anything beyond the hostname you connect to without a VPN. You can't simply block traffic by domain names like you might think. Instead, focus on source IP addresses. Combine this with a reverse DNS check to see what domain each IP resolves to. If you're connected to Wi-Fi, your device doesn't have a public IP address, so it can't register a domain name directly. It would need to find the router's public IP (for example, at an internet cafe) and update its DNS settings accordingly. For SSH access, use key-based authentication and skip the reverse DNS process—it doesn't really add security.
Firewall tools aren't functioning properly. They don't handle host IPs. The firewall only processes IPv4 and IPv6 addresses. Unless your mobile service uses IPv6 exclusively, devices sharing the same public IP (via NAT) should connect if you manage it well.
Iptables, PF, and any Zyxel, Cisco, Netgate or FortiGate appliance: all firewall solutions rely on IP addresses only. DNS data isn't reliable for security management. ufw helps set up iptables configurations.
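The replies above boil down to one procedure: the firewall can only match on source addresses, so a DDNS name is useful solely as the thing a cron job resolves before it rewrites the source-address rule. The script below is an added example, not code from any poster in this thread. It assumes a hypothetical DDNS hostname (`phone.example.net`), a dedicated iptables chain (`PHONE443`) and a state file path; all three are illustrative. It resolves the hostname, refuses anything that is not a plain dotted quad, inserts the new ACCEPT before deleting the old one so there is no gap, and does nothing when the address has not changed.

```sh
#!/bin/sh
# Added example (not from the thread): keep an iptables allow-list for TCP 443 in
# sync with the address a dynamic-DNS hostname currently resolves to. Run on the
# VPS from cron every few minutes. Hostname, chain name and state path are
# assumptions for illustration, not values from the original posts.
set -eu

DDNS_HOST="${DDNS_HOST:-phone.example.net}"      # hypothetical name the phone updates
PORT="${PORT:-443}"
CHAIN="PHONE443"
STATE_FILE="${STATE_FILE:-/var/lib/ddns-allow/last_ip}"
IPT="${IPT:-iptables}"                           # set IPT=echo for a dry run

# A DNS answer is untrusted input until it is proven to be a dotted quad;
# never splice a raw resolver result into a firewall rule.
valid_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  set -- $(printf '%s' "$1" | tr '.' ' ')
  [ $# -eq 4 ] || return 1
  for octet; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# First IPv4 A record via glibc's resolver; prints nothing on failure.
resolve_ipv4() {
  getent ahostsv4 "$1" 2>/dev/null | awk 'NR == 1 { print $1 }'
}

# One-time bootstrap: a dedicated chain that ends in DROP, and a jump from INPUT
# for the port. Per-address ACCEPT rules are inserted above that DROP later.
setup_rules() {
  printf '%s\n' \
    "-N $CHAIN" \
    "-A $CHAIN -j DROP" \
    "-I INPUT -p tcp --dport $PORT -j $CHAIN"
}

# Rule arguments that admit the new address and retire the old one. The new
# ACCEPT goes in before the old one is removed, so the phone is never locked out.
allow_rules() {
  add=$1
  drop=${2:-}
  printf '%s\n' "-I $CHAIN 1 -s $add -j ACCEPT"
  if [ -n "$drop" ] && [ "$drop" != "$add" ]; then
    printf '%s\n' "-D $CHAIN -s $drop -j ACCEPT"
  fi
}

# One sync pass: resolve, validate, compare with the last run, update rules.
sync_once() {
  new=$(resolve_ipv4 "$DDNS_HOST")
  if ! valid_ipv4 "$new"; then
    echo "ddns-allow: no usable A record for $DDNS_HOST (got '$new')" >&2
    return 1
  fi
  old=""
  [ -r "$STATE_FILE" ] && old=$(cat "$STATE_FILE")
  if [ "$old" = "$new" ]; then
    return 0                                     # nothing changed, nothing to do
  fi
  allow_rules "$new" "$old" | while IFS= read -r args; do
    # shellcheck disable=SC2086  # word splitting of our own argument list is intended
    $IPT $args
  done
  mkdir -p "$(dirname "$STATE_FILE")"
  printf '%s\n' "$new" > "$STATE_FILE"
}

case "${1:-}" in
  setup) setup_rules | while IFS= read -r args; do $IPT $args; done ;;
  sync)  sync_once ;;
esac
```

Run it once as `ddns-allow.sh setup` to create the chain, then schedule `ddns-allow.sh sync` from root's crontab (a five-minute interval is typical; the state file keeps repeated runs from touching iptables when nothing changed). Note the limitation the earlier replies point out: on public Wi-Fi the address that gets allowed is the café's NAT gateway, shared with everyone else on that network, so this filter narrows exposure but is not authentication. Whatever listens on the port still needs its own strong auth (certificates for the VPN, keys for SSH).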
https://apkpure.com/dynamic-dns-client/ and https://unix.stackexchange.com/questions...ip-address. It looks like I have what I need to achieve my goals. I hope setting this up won't take too long. The aim is to save money on mobile data and use public Wi-Fi with good security.