Mosh (mobile shell) is a gift from the Gods(tm). Anyone with spotty internet or wireless connection has suffered the pain of a lost SSH session. Sure, one can fire up screen (or tmux as the kids are using these days), but that's an extra step and you are still using the SSH protocol.
I'm not here to tout the benefits of Mosh, you came here to open it up in your firewall.
- Create the following file as
/etc/firewalld/services/mosh.xml firewall-cmd --add-service=mosh --permanentfirewall-cmd --reload
If you tend to have a lot of sessions (not recommended), you can increase the ports, but the default should be fine for most applications.
Never, ever, ever modify the files in /usr/lib/firewalld/, they will be overwritten on upgrade. firewalld will look for any customization files in /etc/firewalld/ first for any services/ or zones/, so edit or create files there.
Ports exposed are from 60001 (default) to 60100. This is a personal decision to LIMIT the amount of moshes to 100. If you seriously have more than 100 moshes to the same machine, it's seriously a production machine and/or you may have dead sessions. In which case, you may wish to change this number or monitor your mosh dead sessions.
Hi, I'm using your approach but made a little change. Today I got the following issue:
mosh did not make a successful connection to XXXXXXXX:60011.
Please verify that UDP port 60011 is not firewalled and can reach the server.
(By default, mosh uses a UDP port between 60000 and 61000. The -p option
selects a specific UDP port number.)
So, I change the xml to: port="60001-61000"