I logged into my home’s VPN from my mobile device and needed to access my Pi, but then I realised I could not, because my Pi allowed incoming SSH traffic only from machines on a specific /24 subnet. At times like this, a jump server/host can act as a bridge.
The solution described here is by no means enterprise grade. I wrote this to share the basic concept of a jump server with people who are unfamiliar with it.
This post assumes that you know how to configure a firewall.
Imagine having 3 machines: A, B and C where the connectivity is as follows:
A --- B --- C
‘A’ cannot connect to ‘C’ directly; it needs to connect to ‘C’ through ‘B’.
‘B’ is the jump server in this case.
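The A, B, C reachability above can be modelled with per-host SSH allow-lists to show why the direct connection fails and which hop chain works. This is an added example, not code from the original post; the addresses, the subnets, the `pi` user on both hosts and all function names are assumptions made for illustration.

```python
from collections import deque
from ipaddress import ip_address, ip_network

# Constructed sample topology (addresses and names are assumptions, not from the post).
# Each host has an address and the source networks its firewall accepts SSH from.
HOSTS = {
    "A": {"addr": "10.8.0.2",     "ssh_from": []},                  # VPN client
    "B": {"addr": "192.168.1.10", "ssh_from": ["10.8.0.0/24"]},     # jump server
    "C": {"addr": "192.168.1.20", "ssh_from": ["192.168.1.0/24"]},  # the Pi
}

def can_ssh(src, dst, hosts=HOSTS):
    """True if dst's firewall accepts SSH from src's address."""
    src_ip = ip_address(hosts[src]["addr"])
    return any(src_ip in ip_network(net) for net in hosts[dst]["ssh_from"])

def jump_chain(src, dst, hosts=HOSTS):
    """Shortest list of intermediate hops from src to dst, or None if unreachable."""
    queue, seen = deque([(src, [])]), {src}
    while queue:
        node, hops = queue.popleft()
        if can_ssh(node, dst, hosts):
            return hops
        for nxt in hosts:
            if nxt not in seen and nxt != dst and can_ssh(node, nxt, hosts):
                seen.add(nxt)
                queue.append((nxt, hops + [nxt]))
    return None

def ssh_command(src, dst, user="pi", hosts=HOSTS):
    """Render the OpenSSH command; -J (ProxyJump) lists the hops in order."""
    hops = jump_chain(src, dst, hosts)
    if hops is None:
        raise ValueError(f"no SSH path from {src} to {dst}")
    target = f"{user}@{hosts[dst]['addr']}"
    if not hops:
        return f"ssh {target}"
    jumps = ",".join(f"{user}@{hosts[h]['addr']}" for h in hops)
    return f"ssh -J {jumps} {target}"

if __name__ == "__main__":
    print(can_ssh("A", "C"))      # direct A -> C is blocked by the Pi's rule
    print(ssh_command("A", "C"))  # path through B
```

The Pi's allow-list stays limited to its /24; only the jump server accepts connections from the VPN range.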
In a typical home network setup (without a jump server), the IPv4 router provides an implicit firewall via NAT. If a flaw in it allows machines behind the NAT firewall to be exposed directly to the outside world, you have no second line of defence.
Using the same scenario of A, B and C above: