SSH port forward NAT rules

  • Do I have to create a port forward NAT rule for every server that I want to access via SSH from behind pfSense - including those I indirectly access?

    What I mean is - I prefer to ssh to one server that's NAT'd to the puplic IP address and then ssh to the others from that.

    Because I'm a noob I have a NAT port forward rule for ssh for each server I access, which is probably 'wrong' and insecure.

    Is this unnecessary? Can I just port forward ssh on the first server then ssh to the others without forwarding their ports too?

  • Not only can you, the extra forwards are useless.  If you are ssh'ing to server X, and then once you get to X you say 'ssh Y', that second ssh is invisible to pfsense, since the traffic is inside the first ssh tunnel.

Log in to reply