Chris Bagnall wrote on 22-2-2015 at 18:34:
> On 22/2/15 5:07 pm, Jason Pyeron wrote:
>> Other than changing the default gateway on that host, how can I port
>> forward SSH to that host?
>
> If you know the source IP (or range) of the traffic, you might be able
> to set a static route on the host to send traffic to <specific IPs>
> via the pfSense rather than the default gateway.
>
> So if your source traffic is from 1.2.3.0/24, LAN on your pfSense is
> 192.168.0.254 and your host is on 192.168.0.10, you'd create a rule on
> that host as follows:
>
> route add -net 1.2.3.0/24 gw 192.168.0.254
>
> (obviously that's a Linux example, but there's no reason to stop you
> doing the same thing on a Windows, Mac, or indeed just about any other
> host that'll allow you to manipulate the routing table)
>
> Kind regards,
> Chris

Another option is to configure an outbound NAT rule on the LAN interface
for the destination to that host so pfSense will NAT traffic coming
from outside to the LAN IP of pfSense before sending it to the
destination host. That way all traffic will seem to be coming from
pfSense and the host will know the route back, as it is on the
link-local subnet. Any logs or other permission logic that tries to
distinguish between client IPs will be useless though.

Greets,
PiBa-NL
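
The two suggestions above, modelled as an added example that is not part of the thread: it runs the host's routing decision for a reply and shows which source address the host would log. The default gateway 192.168.0.1 and the client 1.2.3.77 are assumed values; the other addresses are the ones used in the thread.

```python
import ipaddress

PFSENSE_LAN = "192.168.0.254"  # pfSense LAN address (from the thread)
OTHER_GW = "192.168.0.1"       # assumed: the host's existing default gateway
CLIENT = "1.2.3.77"            # constructed client inside 1.2.3.0/24

# Routing tables of the host 192.168.0.10 as (prefix, next hop) pairs.
BASE = [("0.0.0.0/0", OTHER_GW), ("192.168.0.0/24", "on-link")]
STATIC = BASE + [("1.2.3.0/24", PFSENSE_LAN)]  # after the 'route add' above

def next_hop(routes, dst):
    """Longest-prefix match, as the host's IP stack does for each reply."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), hop) for net, hop in routes
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def forward_ssh(client, routes, lan_outbound_nat=False):
    """Model one port-forwarded SSH connection arriving at the host."""
    # With outbound NAT on LAN, pfSense rewrites the source to its own LAN IP.
    seen_src = PFSENSE_LAN if lan_outbound_nat else client
    hop = next_hop(routes, seen_src)
    # The reply must pass back through pfSense, which holds the NAT state
    # for the forward; a reply leaving via another gateway never matches it.
    via_pfsense = hop == PFSENSE_LAN or (
        hop == "on-link" and seen_src == PFSENSE_LAN)
    return {"logged_source": seen_src,
            "reply_next_hop": hop,
            "reply_via_pfsense": via_pfsense}

def scenarios():
    return {
        "unchanged": forward_ssh(CLIENT, BASE),
        "static_route": forward_ssh(CLIENT, STATIC),
        "lan_outbound_nat": forward_ssh(CLIENT, BASE, lan_outbound_nat=True),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:17} {result}")
```

The static route keeps the real client address in sshd logs but only covers the listed source ranges; the outbound NAT variant works for any source, and every session is then logged as 192.168.0.254.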