My network architecture for exposing linux vms running on my homelab to provide them as vps servers for friends and giving them their own public ip address.

This post is made for debian based linux distros.

Don’t expose ssh, use a VPN

This is obviously not viable for stuff running in the cloud but for a homelab server its advised to not expose ssh or management ports, if you need external access use a free VPN service like Tailscale or self-hosted Wireguard.

Non-root account for logins / Disable root login

Disabling the ability to login as root helps with many automated bots that brute-force ssh into your server, start by making a new user with any username you want