ha proxy ssh add backend IP stops ssh connect
-
@viragomann I want the client IPs on the ssh server to block unwanted connections
Tia
Stefan -
@nopanic
You can do this on pfSense or in HAproxy as well. -
@viragomann okay. How? On the ssh server Im using an IDS for blocking and snort on pfsense. Are there other solutions?
thanks!
Stefan -
@nopanic
Do you want to simply block / allow certain IPs or do you need to inspect the traffic?
For inspection you can use snort or suricata, but I'm don't think that these tools can see much in an ssh traffic, since it's encrypted. -
@viragomann I want to inspect and in case ex. of bruteforcing block the client IP. With snort its running very well and on the the server I use ossec for blocking-
thanks
Stefan -
@nopanic courious: I disable the transparent mode and see on the server logs the client IP. Should it not be rewritten to the pfsense IP?
-
@nopanic
I would expect to see the pfSense interface IP.
Maybe you forward the traffic to the backend by a NAT rule? -
@viragomann yes, the there is a forward nat rule
-
@nopanic ahh okay , I disable those rules now I see the pfsense IP. But why I can not use the "opt" interface in transparent mode?
-
@nopanic nat rule disabled, no connction, Trying now the opt interface in transparent.. its running!!
thanks for help!!
-
@nopanic Hello all
I have to come back cause the traffic goes only from LAN to OPT. From WAN site I dont get a connection.
Courious: When I do tcp tranparent entries and wnat back to nat-forwarding I have to reboot the machine, so forwarding work again. I have to delete the entries and reboot. Disabling is not enough.Can someone help?
Tia
Stefan