I have been trying 'to fix' the issue 'that the sftp-server sees the proxy address' and not the 'client address'
Since a proxy is forwarding a package, it is not strange that the server at the destination side normally sees the address of the proxy and not that of the client.
Luckily there are protocols which allows the proxy to forward the client address.
So the big question is how:
to enforce HA-proxy to forward the client IP and
how to enforce the SSH-server to use the (added) client address
The config is as follows:
pfsense 2.7 actual build
in ssl /https(TCP-mode
frontend listening to WAN-address (4/6) port 22
IPV4-frontend and an IPV6-frontend
IPV4 and an IPV6 back-end
bitvise (advanced) ssh-server (on windows)
That works, no problem apart of the 'lack of client address issue'.
I did a lot of searching on the internet and found options like:
‘option forwardfor’ (usable for the front and/or the back-end)
options like 'send-proxy' and 'send-proxy-v2' and for bitvise
'proxy protocol'(disabled or required (default disabled)) and
'Enable UPnP gateway forwarding (on/off (default off))
After reading the links below I decided to try almost all possible options ...... nothing worked.
So if someone has a working config, I would love to know how 😊
I did google a lot. Here some links, which might or might not help (enough)