Netgate Discussion Forum

    Virtual IP routing from an internet IP range to a LAN server over port 22 ?

    Routing and Multi WAN
    4 Posts 2 Posters 2.0k Views
    rickym

      I have 5 fixed IPs on one of my WANs (OPT) set up using virtual IPs in pfSense RC3.

      I need to allow connection through one of my fixed virtual IPs using SSH (port 22).
      I want to restrict access to their IP range and forward the SSH port through to a specific server LAN IP.

      I know I can create a NAT rule to do most of this but it doesn't restrict who can connect from the internet.

      Can someone please let me know how to setup a rule to do this, or point me to relevant documentation?

      Thanks,
      Ricky

    GruensFroeschli

        Change the auto-created firewall rule corresponding to the NAT entry to only accept your specified IPs as source (best to use an alias for this).

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

    rickym

          Thanks for that GruensFroeschli.

          I think the relationship between the two rule types was throwing me, now it all makes sense!

          Just one more question!

          The firewall rule created by NAT does not have a source port set, but does have a destination port set.
          Is this a bug, or is there a reason I shouldn't set the source port?

          Thanks,
          Ricky

    GruensFroeschli

            The source port would be the port from which the connection is initiated.
            "Normally" this is a random port above 1024.
            So if you had a limitation to certain ports as source, almost all clients won't be able to connect.

            If you need more information search the net for the basics on how x/IP connections work.


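The two answers above, written out as the pf rules pfSense generates under the hood. This is an added example for this page, not rules taken from the original posts or from a pfSense install; the interface name em1, the public virtual IP 192.0.2.5, the LAN server 10.0.0.20 and the alias name ssh_clients (with the 203.0.113.0/24 range) are all assumed, stand-in values.

```pf
# Constructed example, not the rules pfSense wrote for this thread.
# Assumed names: em1 = the OPT WAN interface, 192.0.2.5 = one of the
# five public virtual IPs, 10.0.0.20 = the LAN SSH server, and the
# table ssh_clients = the customer's permitted source range.

# A pfSense alias becomes a pf table; put the permitted sources in it
table <ssh_clients> { 203.0.113.0/24 }

# Default deny on the WAN: anything not explicitly passed below is dropped
block in log on em1 all

# NAT port forward: only rewrite the destination for permitted sources
rdr on em1 inet proto tcp from <ssh_clients> to 192.0.2.5 port 22 -> 10.0.0.20 port 22

# Associated firewall rule. NAT runs before filtering, so the filter rule
# matches on the post-translation destination (the LAN server), and the
# source is restricted to the same table. No source port is given: the
# client's source port is an ephemeral port chosen at connect time.
pass in quick on em1 inet proto tcp from <ssh_clients> to 10.0.0.20 port 22 flags S/SA keep state

# What NOT to write. "from <ssh_clients> port 22" would require the client
# to originate from source port 22, so a normal client connecting from,
# say, source port 51234 never matches and is caught by the block rule.
# pass in quick on em1 inet proto tcp from <ssh_clients> port 22 to 10.0.0.20 port 22 flags S/SA keep state
```

`pfctl -nf <file>` parses a ruleset without loading it and is a quick way to check the syntax. In the pfSense GUI the equivalent is an alias under Firewall > Aliases, set as the Source on the port forward's associated WAN rule, with the source port left at "any".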
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.