SSH port forward NAT rules
Do I have to create a port forward NAT rule for every server that I want to access via SSH from behind pfSense - including those I indirectly access?
What I mean is - I prefer to ssh to one server that's NAT'd to the public IP address and then ssh to the others from that.
Because I'm a noob I have a NAT port forward rule for ssh for each server I access, which is probably 'wrong' and insecure.
Is this unnecessary? Can I just port forward ssh on the first server then ssh to the others without forwarding their ports too?
Not only can you, the extra forwards are useless. If you are ssh'ing to server X, and then once you get to X you say 'ssh Y', that second ssh is invisible to pfSense, since the traffic is inside the first ssh tunnel.
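
The single-forward setup described in the answer above, written as a client-side OpenSSH configuration. This is an added example, not part of the original thread; the host aliases, user name, key path and addresses are constructed placeholders.

```sshconfig
# ~/.ssh/config on the client outside the firewall.
# Constructed example values:
#   203.0.113.10    pfSense WAN address, with ONE NAT port forward
#                   (TCP 22) pointing at the first server
#   192.168.1.0/24  LAN behind pfSense

# The only server that needs a port forward rule on pfSense.
Host jump
    HostName 203.0.113.10
    Port 22
    User admin
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes

# Internal servers: no NAT rule of their own.
# The client reaches them through the connection to "jump".
Host web db
    ProxyJump jump
    User admin
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes

Host web
    HostName 192.168.1.20

Host db
    HostName 192.168.1.30
```

With this in place, `ssh web` makes one connection to the forwarded port and authenticates to 192.168.1.20 through it, so the private key stays on the client instead of being copied to the jump server. ProxyJump needs OpenSSH 7.3 or later on the client and TCP forwarding allowed by the jump server's sshd (`AllowTcpForwarding`, enabled by default).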