External Access: Difference between revisions

From Sea of Fate
Jump to navigationJump to search
Newer edit →
Created page with "==Introduction== I will want access to various hosts for file shares and configuration. This is where I will describe it. ==SSH Access== I will want access to the hosts inside the network not least the production hosts to continue the configuration while I am somewhere else. The problem is that Pfsense can only forward based on port so if I want to SSH to Lime from outside of the WAN port of Pfsense there is no way of the firewall from knowing that mean Lime and no..."
 
Line 6: Line 6:
==SSH Access==
==SSH Access==


I will want access to the hosts inside the network not least the production hosts to continue the configuration while I am somewhere else. The problem is that Pfsense can only forward based on port so if I want to SSH to Lime from outside of the WAN port of Pfsense there is no way of the firewall from knowing that  mean Lime and not Lemon. I could setup a bastion host to forward on SSH to the various hosts and I may well set it up at a later date just so that I know how but it is a bit of overkill for such a small number hosts. I have instead chosen to have each host listen at a different port so all I need is to have a table showing which port to which host, it will still be secure as it will still be SSH but instead. I will still need a firewall port forward rule for each host internally i will only need one
I will want access to the hosts inside the network not least the production hosts to continue the configuration while I am somewhere else. The problem is that Pfsense can only forward based on port so if I want to SSH to Lime from outside of the WAN port of Pfsense there is no way of the firewall from knowing that  mean Lime and not Lemon. I could setup a bastion host to forward on SSH to the various hosts and I may well set it up at a later date just so that I know how but it is a bit of overkill for such a small number hosts. I have instead chosen to have each host listen at a different port so all I need is to have a table showing which port to which host, it will still be secure as it will still be SSH but instead. I will still need a firewall port forward rule for each host internally I will only need one

Revision as of 15:53, 1 March 2025

Introduction

I will want access to various hosts for file shares and configuration. This is where I will describe it.


SSH Access

I will want access to the hosts inside the network not least the production hosts to continue the configuration while I am somewhere else. The problem is that Pfsense can only forward based on port so if I want to SSH to Lime from outside of the WAN port of Pfsense there is no way of the firewall from knowing that mean Lime and not Lemon. I could setup a bastion host to forward on SSH to the various hosts and I may well set it up at a later date just so that I know how but it is a bit of overkill for such a small number hosts. I have instead chosen to have each host listen at a different port so all I need is to have a table showing which port to which host, it will still be secure as it will still be SSH but instead. I will still need a firewall port forward rule for each host internally I will only need one

Retrieved from "https://wiki.seaoffate.net/index.php?title=External_Access&oldid=35"