• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

ha proxy ssh add backend IP stops ssh connect

Scheduled Pinned Locked Moved Cache/Proxy
14 Posts 2 Posters 2.0k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • V
    viragomann @nopanic
    last edited by Feb 22, 2023, 11:12 AM

    @nopanic
    You can do this on pfSense or in HAproxy as well.

    N 1 Reply Last reply Feb 22, 2023, 11:38 AM Reply Quote 0
    • N
      nopanic @viragomann
      last edited by Feb 22, 2023, 11:38 AM

      @viragomann okay. How? On the ssh server Im using an IDS for blocking and snort on pfsense. Are there other solutions?
      thanks!
      Stefan

      V 1 Reply Last reply Feb 22, 2023, 12:57 PM Reply Quote 0
      • V
        viragomann @nopanic
        last edited by Feb 22, 2023, 12:57 PM

        @nopanic
        Do you want to simply block / allow certain IPs or do you need to inspect the traffic?
        For inspection you can use snort or suricata, but I'm don't think that these tools can see much in an ssh traffic, since it's encrypted.

        N 1 Reply Last reply Feb 22, 2023, 1:02 PM Reply Quote 0
        • N
          nopanic @viragomann
          last edited by Feb 22, 2023, 1:02 PM

          @viragomann I want to inspect and in case ex. of bruteforcing block the client IP. With snort its running very well and on the the server I use ossec for blocking-

          thanks
          Stefan

          N 1 Reply Last reply Feb 22, 2023, 1:52 PM Reply Quote 0
          • N
            nopanic @nopanic
            last edited by Feb 22, 2023, 1:52 PM

            @nopanic courious: I disable the transparent mode and see on the server logs the client IP. Should it not be rewritten to the pfsense IP?

            V 1 Reply Last reply Feb 22, 2023, 1:56 PM Reply Quote 0
            • V
              viragomann @nopanic
              last edited by Feb 22, 2023, 1:56 PM

              @nopanic
              I would expect to see the pfSense interface IP.
              Maybe you forward the traffic to the backend by a NAT rule?

              N 1 Reply Last reply Feb 22, 2023, 1:58 PM Reply Quote 0
              • N
                nopanic @viragomann
                last edited by Feb 22, 2023, 1:58 PM

                @viragomann yes, the there is a forward nat rule

                N 1 Reply Last reply Feb 22, 2023, 2:01 PM Reply Quote 0
                • N
                  nopanic @nopanic
                  last edited by Feb 22, 2023, 2:01 PM

                  @nopanic ahh okay , I disable those rules now I see the pfsense IP. But why I can not use the "opt" interface in transparent mode?

                  N 1 Reply Last reply Feb 22, 2023, 2:17 PM Reply Quote 0
                  • N
                    nopanic @nopanic
                    last edited by Feb 22, 2023, 2:17 PM

                    @nopanic nat rule disabled, no connction, Trying now the opt interface in transparent.. its running!!

                    thanks for help!!

                    N 1 Reply Last reply Mar 7, 2023, 2:00 PM Reply Quote 0
                    • N
                      nopanic @nopanic
                      last edited by Mar 7, 2023, 2:00 PM

                      @nopanic Hello all
                      I have to come back cause the traffic goes only from LAN to OPT. From WAN site I dont get a connection.
                      Courious: When I do tcp tranparent entries and wnat back to nat-forwarding I have to reboot the machine, so forwarding work again. I have to delete the entries and reboot. Disabling is not enough.

                      Can someone help?
                      Tia
                      Stefan

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                        [[user:consent.lead]]
                        [[user:consent.not_received]]