Return unique identifier when packet is received from outside system
-
Hello,
I'd like to know if there is a way to use the firewall to return a unique identifier when a specific outside system sends a packet.
As my internet connection is based on PPPoE and upon reconnect there is an IP address change and delay until dyndns updates, I'm trying to figure out the best/most secure way to always let the outside system know if it is actually trying to connect to the correct system.
Thanks in advance for any help!
-
@qual25 I don't know if this is possible with pfsense, so I won't answer the question directly, but you can always set up a redirect so that a local host can handle this task?
=>
forward src:port src/proto dst your_host
And on your host, you launch a program that will respond appropriately. This may involve a bit of programming to create the desired response.
Otherwise, notify your external system directly of the change of address, so you can do without dyndns and your system is informed of the new address (more quickly than with dyndns).
Same, I don't know if pfsense can trigger something in this way other than by dyndns.
-
@martinez Thank you for your help and input!
I'm aware of several ways that I could handle this, most of which involve opening a port and running a program on either the local or remote side. When faced with the issue I thought, wouldn't it be nice, if something that already exists and is well tested could be "used" in such a way that it solves the problem, without introducing more risk, which is why I asked the question here.
If there is no such option using the firewall directly, then a WireGuard tunnel between pfSense and the remote system might be the best option?! Allow incoming ICMP on the WireGuard interface only, block everything else. The connection would be via dyndns entries and will only be active, and the ping possible, if the DNS entry is up-to-date, so a simple ping to the pfSense's WireGuard interface IP address would indicate dyndns is up-to-date.
Or are there better options?
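-
The WireGuard check proposed in the last post, sketched as a script for the remote system (an added example, not part of the original thread and not pfSense's own tooling). It treats the tunnel's key-authenticated handshake as the "unique identifier" and re-sets the endpoint when the check fails, because `wg` resolves an endpoint hostname only at the moment it is set. The interface name, tunnel IP, key placeholder, endpoint hostname and 180-second threshold are assumptions.

```shell
#!/bin/sh
# Added example for the remote system (Linux assumed). All values below are
# assumptions/placeholders, not taken from the thread.
WG_IF="wg0"
PFSENSE_TUN_IP="10.99.0.1"                       # pfSense's tunnel address
PFSENSE_PUBKEY="PLACEHOLDER_PFSENSE_PUBLIC_KEY=" # pfSense's WireGuard public key
PFSENSE_ENDPOINT="home.example.net:51820"        # dyndns name and listen port
MAX_AGE=180                                      # seconds; assumed threshold

# handshake_state PUBKEY NOW MAX_AGE
# Reads `wg show IFACE latest-handshakes` output (pubkey<TAB>epoch) on stdin
# and prints one of: fresh | stale | never | unknown-peer
handshake_state() {
    awk -v key="$1" -v now="$2" -v max="$3" '
        $1 == key {
            found = 1
            if ($2 == 0)              print "never"
            else if (now - $2 <= max) print "fresh"
            else                      print "stale"
        }
        END { if (!found) print "unknown-peer" }'
}

check_pfsense() {
    # The ping also makes WireGuard start a handshake if none is current.
    if ping -c 1 -W 2 "$PFSENSE_TUN_IP" >/dev/null 2>&1; then
        # A reply alone is not enough: with the tunnel down, the address could
        # be routed elsewhere. Require a recent handshake with the expected key.
        state=$(wg show "$WG_IF" latest-handshakes |
                handshake_state "$PFSENSE_PUBKEY" "$(date +%s)" "$MAX_AGE")
        if [ "$state" = "fresh" ]; then
            echo "ok: reply came through a tunnel keyed to pfSense"
            return 0
        fi
    fi
    # wg resolves the endpoint name only when it is set, so set it again to
    # pick up the address dyndns now publishes.
    wg set "$WG_IF" peer "$PFSENSE_PUBKEY" endpoint "$PFSENSE_ENDPOINT"
    echo "not verified: endpoint re-resolved, retry on next run"
    return 1
}

# Run the live check only when asked, e.g. from cron: ./check.sh --run
if [ "${1:-}" = "--run" ]; then check_pfsense; fi
```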