External Access: Difference between revisions
No edit summary |
|||
| Line 11: | Line 11: | ||
As previously stated each host will listen to SSH on a different port. It would make sense to have them as aliases in Pfsense. The assignments are | As previously stated each host will listen to SSH on a different port. It would make sense to have them as aliases in Pfsense. The assignments are | ||
* mandarin **** | * Mandarin ****01 | ||
* Raisin ****02 | |||
* Lime ****03 | |||
* Fig ****04 | |||
* Logan ****05 | |||
* NS1 ****06 | |||
* mandarin ****07 | |||
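Review bot: the last added entry, "* mandarin ****07", repeats a hostname that the first changed line already lists as "* Mandarin ****01", so the table now gives one name two different ports. Confirm which host actually owns ****07, correct the name if it is a different machine, and match the capitalisation used for the other entries.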
Revision as of 16:19, 1 March 2025
Introduction
I will want access to various hosts for file shares and configuration. This is where I will describe it.
SSH Access
I will want access to the hosts inside the network, not least the production hosts, so that I can continue the configuration while I am somewhere else. The problem is that pfSense can only forward based on port, so if I want to SSH to Lime from outside the WAN port of pfSense, the firewall has no way of knowing that I mean Lime and not Lemon. I could set up a bastion host to forward SSH on to the various hosts, and I may well set one up at a later date just so that I know how, but it is a bit of overkill for such a small number of hosts. I have instead chosen to have each host listen on a different port, so all I need is a table showing which port maps to which host; it will still be secure as it will still be SSH but instead. I will still need a firewall port-forward rule for each host. Internally I will only need one pass rule for each interface because when I am "inside" there is no NAT, so I can address the hosts by hostname.
Port Assignments
As previously stated, each host will listen for SSH on a different port. It would make sense to define the ports as aliases in pfSense. The assignments are:
- Mandarin ****01
- Raisin ****02
- Lime ****03
- Fig ****04
- Logan ****05
- NS1 ****06
- mandarin ****07
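The port table above can also live on the client side, so that the right forwarded port is picked by name from outside. This is an added example, not part of the original wiki page; `wan.example.net`, the `-ext` aliases, the key file name and the `<PORT-FOR-...>` values are placeholders, because the page masks the real ports.

```sshconfig
# ~/.ssh/config on the machine used from outside the network.
# Added example: wan.example.net, the "-ext" aliases and the <PORT-FOR-...>
# values are placeholders. Substitute the pfSense WAN address and the
# per-host ports from the assignment table.

Host lime-ext
    HostName wan.example.net
    Port <PORT-FOR-LIME>
    # Record and check Lime's host key under its own name instead of under
    # the shared WAN address, so a forward that lands on the wrong host
    # shows up as a host key mismatch.
    HostKeyAlias lime

Host fig-ext
    HostName wan.example.net
    Port <PORT-FOR-FIG>
    HostKeyAlias fig

# Repeat one block per host in the table.

# Settings shared by every externally reached host. ssh uses the first value
# it finds for each option, so this catch-all block goes last.
Host *-ext
    # Key-based login only; never offer a password over the WAN path.
    PasswordAuthentication no
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_ed25519
```

With this in place, `ssh lime-ext` from outside reaches Lime through its own port forward, while plain hostnames keep working from inside where there is no NAT.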