Virtual IP routing from an internet IP range to a LAN server over port 22?
-
I have 5 fixed IPs on one of my WANs (OPT) set up using virtual IPs in pfSense RC3.
I need to allow connection through one of my fixed virtual IP's using SSH (port 22).
I want to restrict access to their IP range and forward the SSH port through to a specific server LAN IP. I know I can create a NAT rule to do most of this but it doesn't restrict who can connect from the internet.
Can someone please let me know how to set up a rule to do this, or point me to relevant documentation?
Thanks,
Ricky
-
Change the autocreated firewall rule corresponding to the NAT entry so that it only accepts your specified IPs as source (best to use an Alias for this).
-
Thanks for that GruensFroeschli.
I think the relationship between the two rule types was throwing me, now it all makes sense!
Just one more question!
The firewall rule created by NAT does not have a source port set but does have a destination port set.
Is this a bug OR is there a reason I shouldn't set the source port?
Thanks,
Ricky
-
The source would be the port from which the connection is initiated.
"Normally" this is a random port above 1024.
So if you'd have as source a limitation to certain ports, almost all clients won't be able to connect.
If you need more information, search the net for the basics on how x/IP connections work.
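
The two points made in the replies above, as an added example that is not part of the original thread and is not pfSense code: a simplified model of the pass rule behind a port forward, evaluated against constructed connection attempts. The alias name, the LAN server address and all IP addresses are assumptions (documentation ranges), and the rule is matched against the post-NAT destination, which is how the autocreated rule is written.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed alias: the remote party's range (documentation address space).
SSH_CLIENTS = [ip_network("198.51.100.0/24")]
ANY = None                # "any" for a source network list or source port range
SERVER = "192.168.1.10"   # hypothetical LAN server behind the port forward

@dataclass(frozen=True)
class Rule:
    src_nets: object   # list of networks (an alias) or ANY
    src_ports: object  # (low, high) tuple or ANY
    dst_ip: str        # LAN address, i.e. the destination after NAT
    dst_port: int

    def passes(self, src_ip, src_port, dst_ip, dst_port):
        if (dst_ip, dst_port) != (self.dst_ip, self.dst_port):
            return False
        if self.src_nets is not ANY and not any(
            ip_address(src_ip) in net for net in self.src_nets
        ):
            return False
        if self.src_ports is not ANY:
            low, high = self.src_ports
            return low <= src_port <= high
        return True

# Constructed attempts: (source IP, source port, destination IP, destination port).
# SSH clients connect from a random high source port, never from port 22.
ATTEMPTS = [
    ("198.51.100.7", 51544, SERVER, 22),   # inside the alias
    ("198.51.100.90", 40213, SERVER, 22),  # inside the alias
    ("203.0.113.50", 49152, SERVER, 22),   # outside the alias
]
RULES = {
    "autocreated (source any)": Rule(ANY, ANY, SERVER, 22),
    "source = alias, source port any": Rule(SSH_CLIENTS, ANY, SERVER, 22),
    "source = alias, source port 22": Rule(SSH_CLIENTS, (22, 22), SERVER, 22),
}

def evaluate(rule):
    """Return the pass/block decision for every constructed attempt."""
    return [rule.passes(*attempt) for attempt in ATTEMPTS]

if __name__ == "__main__":
    for name, rule in RULES.items():
        print(f"{name:34} {evaluate(rule)}")
```

Only the second rule gives the intended result: the first passes the outside address, and the third blocks the permitted clients as well because none of them connects from source port 22.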