Feature / 'bug fix' request - SSH Bind to Lan

  • Hey guys,

    I know this is rather late in the release cycle, but I just started testing 1.2.3 and found a problem with the jail package.
    (Actually found a few, will be submitting the patches hopefully this evening.. but this is more host related)

    Once you create a jail, you can't actually access it via ssh, as the host (pfSense) listens on all IPs for an ssh connection.

    Would it be possible to add a "bind to LAN IP" option to the ssh service, much like the snmpd daemon, and hopefully get it into this release?

    The following added to /etc/sshd appears to work for me. Obviously, this would need some GUI modifications as well.
    Otherwise some more work needs to be done on the jail package, to start ssh on another port?!?

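                    // Bind sshd to the LAN address only when the proposed bindlan option is set.
                    if (isset($config['ssh']['bindlan'])) {
                            $bind_to_ip = $config['interfaces']['lan']['ipaddr'];
                    } else {
                            $bind_to_ip = "";
                    }
                    // Emit ListenAddress only when an address was chosen, one directive per line.
                    if ($bind_to_ip != "") {
                            $sshconf .= "ListenAddress " . $bind_to_ip . "\n";
                    }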

    Of course, depending on the uses of the jail(s), dnsmasq and lighttpd would need to be modified as well, but for now, ssh is the killer.

    If you don't want to do this, please do let me know, and I will work up another patch to put the jail's ssh on another port.

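Added example, not part of the original post and not pfSense code: a shell check of whether a host sshd_config leaves a jail's IP free for the jail's own sshd, which is the conflict described above. The function names, sample configs and the jail address 192.168.1.50 are constructed for illustration.

```shell
# Classify where an sshd_config makes sshd listen (config text on stdin).
# Prints "wildcard" when sshd would bind every local address (no
# ListenAddress directive, or 0.0.0.0 / ::), otherwise the listed addresses.
sshd_listen_scope() {
    awk '
        { sub(/#.*/, "") }                          # drop comments
        tolower($1) == "listenaddress" && NF >= 2 {
            addr = $2
            if (addr ~ /^\[/) {                     # [host]:port form
                sub(/^\[/, "", addr); sub(/\].*$/, "", addr)
            } else if (addr ~ /^[^:]+:[0-9]+$/) {   # host:port (one colon, so not bare IPv6)
                sub(/:[0-9]+$/, "", addr)
            }
            if (addr == "0.0.0.0" || addr == "::") wild = 1
            list = (list == "" ? addr : list " " addr)
            seen = 1
        }
        END { if (!seen || wild) print "wildcard"; else print list }
    '
}

# Succeeds when the host sshd does not claim JAIL_IP, so the jail can bind it.
# usage: host_sshd_leaves_free JAIL_IP < sshd_config
host_sshd_leaves_free() {
    scope=$(sshd_listen_scope)
    [ "$scope" = "wildcard" ] && return 1
    for a in $scope; do
        [ "$a" = "$1" ] && return 1
    done
    return 0
}

# Constructed sample configs: stock (ListenAddress commented out) and LAN-bound.
CFG_DEFAULT='Port 22
#ListenAddress 0.0.0.0
PermitRootLogin no'
CFG_BOUND='Port 22
ListenAddress 192.168.1.1
ListenAddress [fe80::1]:22'

for name in CFG_DEFAULT CFG_BOUND; do
    eval "cfg=\$$name"
    if printf '%s\n' "$cfg" | host_sshd_leaves_free 192.168.1.50; then
        echo "$name: jail IP is free for the jail sshd"
    else
        echo "$name: host sshd would occupy the jail IP"
    fi
done
```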