Access to web-configurator and ssh via CARP IPs
fwcheck last edited by
First of all, I like the good work of the pfSense team.
I have an issue which I think arises if I do NAT via CARP IPs.
Maybe this is a misconfiguration or a misunderstanding of how the system works.
System: 2.3.2-p1, redundant CARP configuration.
For NAT I use CARP IPs (often public IPs), but if I do so,
you can access the webConfigurator using
<carp-ip>:443 or SSH via <carp-ip>:22
This occurs even if I do outbound NAT on CARP IPs.
The alternative would be to use IPs of type other.
Therefore the following questions arise:
- How do I forward 443 or 22 using a CARP IP?
- Is there a recommended way to restrict SSH and the web interface (GUI) to listen only on one or two IPs, e.g. only the LAN interface?
- For a redundant configuration with NAT, does the IP type other work flawlessly on failover?
One workaround is to use floating rules which block access to IPs and services, but I think this does not help for port 22 or 443.
If you have further questions or need an example, let me know.