WebConfigurator and SSH Listen IP:port
I would like to tell the web configurator and sshd to only bind to a specific interface. I am setting up like this:
WAN = WAN
LAN = Management
OPT1 = GUEST1
OPT2 = GUEST2
Web configurator on port 8443, sshd on port 22.
When I open a shell, and look at the listening ports, I see *:80 *:8443 and *:22
I'd love to see management_ip:80, management_ip:8443, management_ip:22 instead like we can do with SNMP.
I don't see any way to do this in the GUI. (2.1?)
I edited /etc/sshd (adding ListenAddress) and /etc/inc/system.inc (adding server.bind and the port 80 redirect to management_ip:80).
This isn't working for me. sshd isn't starting on boot even though the console message says it's starting..done. I tried updating the pfSense_md5.txt with the right hash for /etc/sshd but no dice. Running /etc/sshd manually starts the daemon.
Is there something more elegant? It would seem silly to have to have a block rule for every interface address on 22/80/8443 to achieve the same thing. If I can adjust the listen address I can have one floating rule for all OPT/GUEST interfaces blocking traffic to the management subnet.
sgtr last edited by
First, you should add the management ports and IP range to the firewall on the interface that you want to permit management from, and then System > Advanced > Anti-Lockout must be checked.
Yeah. I use the initial LAN port as my management interface so the anti-lockout functions make sense.
I've been looking at this more since posting and have decided it is better to simply create a port alias with 80, 8443, and 22 and enter a reject rule that prevents each subnet from accessing those ports on their own interface. I already have to have rules that reject traffic, for example, from OPT1 to Management and OPT2 anyway.
Way better than modifying 2.0.3, though the ability to bind admin services (webConfig/ssh) to a specific interface would be a welcome enhancement.
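
An added example, not part of the thread: a shell check for the condition described in the first post, where the admin services listen on `*:80`, `*:8443` and `*:22` instead of the management address. It parses FreeBSD `sockstat -4 -l` style output; the function names are hypothetical and the sample lines, PIDs and addresses are constructed.

```shell
#!/bin/sh
# Ports used by the admin services in this thread (webConfigurator + sshd).
MGMT_PORTS="22 80 8443"

# Reads `sockstat -4 -l` style output on stdin and prints "command port"
# for every TCP listener on a management port bound to the wildcard address.
wildcard_mgmt_listeners() {
    awk -v ports="$MGMT_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "USER" { next }                  # skip the header row
        $5 ~ /^tcp/ {
            if (!match($6, /:[0-9]+$/)) next   # local address must end in :port
            addr = substr($6, 1, RSTART - 1)
            port = substr($6, RSTART + 1)
            if (addr == "*" && (port in want)) print $2, port
        }
    ' | LC_ALL=C sort -u
}

# Constructed sample of `sockstat -4 -l` output (not captured from a real box).
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     lighttpd   4312  11 tcp4   *:8443                *:*
root     lighttpd   4312  12 tcp4   *:80                  *:*
root     sshd       2210  4  tcp4   *:22                  *:*
root     snmpd      3051  8  udp4   192.168.1.1:161       *:*
nobody   dnsmasq    2877  5  tcp4   *:53                  *:*
EOF
}

# On the firewall itself, replace sample_sockstat with: sockstat -4 -l
sample_sockstat | wildcard_mgmt_listeners
```

Any line it prints is a service reachable on every interface address, so the per-interface reject rules (or the port alias described above) are what keep guest subnets away from it.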