DNS


CloudFlare does not allow port 22 (usual SSH port) on domain 2

When you try to connect via ssh on a domain for which you are using CloudFlare as a HTTP proxy, you will get the following error:

$ ssh [email protected]
 ssh_exchange_identification: Connection closed by remote host

You have a few options to resolve for this issue:

  1. Either connect directly to the IP of the machine.
  2. Or, setup a CNAME record with no HTTP proxy for the SSH (so that you do not need to remember the IP).
    This solution does not offer any additional benefits than connecting directly to the IP of the server.
    To do that, you need to visit the configure DNS page for your site: e.g. https://www.cloudflare.com/a/dns/example.com,
    then create the CNAME named ssh, use as target your domain (e.g. example.com) and disable HTTP proxy by clicking on the orange cloud and making it gray before pressing the Add Record button.

    Then, you will be able to connect via ssh [email protected].
  3. Last solution but not least is configuring your server to listen for SSH on one of the ports of CloudFlare that are open.
    When this post was written, the following ports were available/open for any site in CloudFlare:
    For requests made via HTTP:

    80
    8080
    8880
    2052
    2082
    2086
    2095

    For requests made via HTTPS:

    443
    2053
    2083
    2087
    2096
    8443

    At the time, we were using an Ubuntu GNU/Linux server, to instruct Ubuntu SSHD to listen to multiple ports we edited the file /etc/ssh/sshd_config and right after the lines:

    # What ports, IPs and protocols we listen for
    Port 22

    we added another line with the new port we wanted to use:

    # What ports, IPs and protocols we listen for
    Port 22
    Port 2053

    After restarting the service
    service ssh restart;
    we were able to connect to our page as follows:
    ssh -p 2053 [email protected];

 


How to setup DNS service for DHCP-enabled KVM guests

So you’ve set up KVM on your machine and you have installed a few guests to run on top, now it’s the time to access them.

Since KVM can run without a GUI, you might want to control these guests from the command line. But, how can you do it if you do not know the IP of the guests?

You can either connect to the guest using virt-viewer:

virt-viewer -c qemu:///system $MACHINE &

which requires more bandwidth since it will open up a VNC session.

Or, use ssh to connect using the guest’s name, like this:

ssh $MACHINE

which doesn’t require that you know the IP beforehand.

To achieve this, access guest machines using their hostname only, you can do the following: Edit /etc/resolv.conf and add the line nameserver 192.168.122.1 right after the search entries .

Your file should look something like this afterwards:
domain in.bytefreaks.net
search in.bytefreaks.net
nameserver 192.168.122.1
nameserver 194.44.13.20
nameserver 194.44.13.58
nameserver 194.44.13.11

Then you are ready to go! No restarts needed no extra steps.

NOTES:

  • After restarting (and some times periodically), the /etc/resolv.conf file will return to its original form because it is updating each time you restart the host machine from data it gets via the network DHCP server.
  • For this tutorial to work as is, your host machine needs to have the virtual IP 192.168.122.1 (the default IP of your host in libvirt — NOT THE IP of eth0, it’s a totally different thing). If you have a different libvirt IP use that one in the /etc/resolv.conf file.
  • Use your host’s IP as your first nameserver in /etc/resolv.conf to achieve name resolution for your guests.