Netgate Discussion Forum

    SSH port forward NAT rules

    • frwlnb

      Do I have to create a port forward NAT rule for every server that I want to access via SSH from behind pfSense - including those I indirectly access?

      What I mean is - I prefer to ssh to one server that's NAT'd to the public IP address and then ssh to the others from that.

      Because I'm a noob I have a NAT port forward rule for ssh for each server I access, which is probably 'wrong' and insecure.

      Is this unnecessary? Can I just port forward ssh on the first server then ssh to the others without forwarding their ports too?

      • danswartz

        Not only can you, the extra forwards are useless. If you are ssh'ing to server X, and then once you get to X you say 'ssh Y', that second ssh is invisible to pfSense, since the traffic is inside the first ssh tunnel.

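One way to find the SSH forwards that become unnecessary once a single jump host is used, as an added example that is not from the thread or from pfSense itself. It assumes the port forwards are available in the pfSense config.xml layout (`nat/rule` elements with `target`, `local-port` and `destination/port` children, and a `disabled` child on disabled rules); the sample XML, addresses and function names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: three WAN port forwards in the assumed config.xml layout.
SAMPLE_CONFIG = """
<pfsense>
  <nat>
    <rule>
      <interface>wan</interface><protocol>tcp</protocol>
      <destination><network>wanip</network><port>22</port></destination>
      <target>192.168.1.10</target><local-port>22</local-port>
      <descr>ssh to jump host</descr>
    </rule>
    <rule>
      <interface>wan</interface><protocol>tcp</protocol>
      <destination><network>wanip</network><port>2222</port></destination>
      <target>192.168.1.11</target><local-port>22</local-port>
      <descr>ssh to second server</descr>
    </rule>
    <rule>
      <interface>wan</interface><protocol>tcp</protocol>
      <destination><network>wanip</network><port>443</port></destination>
      <target>192.168.1.20</target><local-port>443</local-port>
      <descr>https</descr>
    </rule>
  </nat>
</pfsense>
"""

def ssh_forwards(config_xml, ssh_port="22"):
    """Return (wan_port, internal_target) for every enabled forward to an SSH port."""
    root = ET.fromstring(config_xml)
    found = []
    for rule in root.findall("./nat/rule"):
        if rule.find("disabled") is not None:  # assumed marker for disabled rules
            continue
        if rule.findtext("local-port", "").strip() != ssh_port:
            continue
        found.append((rule.findtext("destination/port", "").strip(),
                      rule.findtext("target", "").strip()))
    return found

def redundant_forwards(config_xml, jump_host):
    """SSH forwards that point at any internal host other than the jump host."""
    return [fwd for fwd in ssh_forwards(config_xml) if fwd[1] != jump_host]

if __name__ == "__main__":
    for wan_port, target in redundant_forwards(SAMPLE_CONFIG, "192.168.1.10"):
        print(f"WAN port {wan_port} -> {target}:22 can be removed")
```
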