I have a Vultr VPS that I do some development work on. I’d like to be able to limit specific ports (SSH, primarily) to my home’s dynamic IP address. The problem is I have dynamic IP and my ISP won’t sell my a static IP.
I can get a $20/GB per month LTE service from Protectli that has a static IP. I’m thinking about setting that up with something like the Mikrotik LtAP LTE router (supports passing through the IP address to the main router), to 1) push all the traffic to the Vultr VPS through to access SSH - effectively giving me a useable static IP address and 2) serve as a redundant connection when my ISP is down. I’d likely employ a script that throttles throughput through the LTE router to a great extent so that I don’t get killed on data charges through the LTE router.
Is this feasible? Has anybody done anything like this?
You’d want to look into policy routing. Aliases are your friend here too.
So basically you’d put the IP address (or a range of IP address) and ports into aliases, then reference those aliases in a firewall rule. In the same firewall rule, specify the gateway you’d want the traffic to flow out of.
Also, it might be cheaper to get another VPS and run a wireguard tunnel vs getting the $20/GB/mth LTE connection?
Or just straight up run a wireguard tunnel to your existing VPS?