The internal IP shown instead of the public IP is a direct result of Scaleway's network architecture.
With their public cloud instances, public IPs are actually NATed one-to-one on the private IP of the instance.
In the case of KeyHelp, since the public IP is nowhere to be found in the OS network interfaces, KeyHelp cannot know what the public IP is (though theoretically, it could by querying this information from the outside).
You cannot replace the private IP on the instance without completely breaking networking on it.
What you can do, however, is assigning the public IP on an "alias interface" on the OS.
For example, imagine my Scaleway instance has private IP
10.65.45.25 and public IP
51.158.128.50, the initial network configuration might look like this:
Code: Select all
$ ifconfig ens2
ens2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.65.50.27 netmask 255.255.255.254 broadcast 10.65.50.27
What you would do then is assign the public IP on an alias interface, like so:
Code: Select all
$ ifconfig ens2:0 inet 51.158.128.50 netmask 255.255.255.255
Which would give you:
Code: Select all
$ ifconfig ens2:0
ens2:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 51.158.128.50 netmask 255.255.255.255 broadcast 51.158.127.45
If you need persistence, you can create a new
.cfg file in
/etc/network/interfaces.d, for example
/etc/network/interfaces.d/60-keyhelp.cfg, with the following contents:
Code: Select all
auto ens2:0
iface ens2:0 inet static
address 51.158.128.50/32
Save the file, and reboot the instance.
KeyHelp will now offer both the private and the public IP in the configuration interface. You can simply uncheck the private IP and keep the public IP.
Cheers!
EDIT: I also found out why the firewall installation was not working properly on Scaleway's Ubuntu 20.04:
Code: Select all
root@testkh:~# grep CONFIG_NFT_ /boot/config-5.4.0-1018-kvm
root@testkh:~# find /lib/modules -name "*nf_tables*"
root@testkh:~# modprobe nf_tables
modprobe: FATAL: Module nf_tables not found in directory /lib/modules/5.4.0-1018-kvm
The nf_tables module isn't built with their kernel which is why the installer cannot apply rules.
Might be worth requesting this to their team.
You could also rebuild the kernel after configuring the correct options to build the nf_tables module.