> -----Original Message-----
> From: PiBa
> Sent: Sunday, February 22, 2015 12:47
>
> Chris Bagnall wrote on 22-2-2015 at 18:34:
> > On 22/2/15 5:07 pm, Jason Pyeron wrote:
> >> Other than changing the default gateway on that host, how can I port
> >> forward SSH to that host?
> >
> > If you know the source IP (or range) of the traffic, you might be able
> > to set a static route on the host to send traffic to <specific IPs>
> > via the pfSense rather than the default gateway.

Anyone on the internet...

> >
> > So if your source traffic is from 1.2.3.0/24, LAN on your pfSense is
> > 192.168.0.254 and your host is on 192.168.0.10, you'd create a rule on
> > that host as follows:
> >
> > route add -net 1.2.3.0/24 gw 192.168.0.254
> >
> > (obviously that's a Linux example, but there's no reason to stop you
> > doing the same thing on a Windows, Mac, or indeed just about any other
> > host that'll allow you to manipulate the routing table)
> >
> > Kind regards,
> >
> > Chris
> Other option is to configure an outbound nat rule on the lan interface
> for the destination to that host so pfSense will nat traffic coming
> from outside to the lan-ip of pfSense before sending it to the
> destination host. That way all traffic will seem to be coming from

Notes:

Firewall: NAT: Outbound:
  Select "Hybrid Outbound NAT rule generation (Automatic Outbound NAT + rules below)"
  Was "Automatic outbound NAT rule generation (IPsec passthrough included)"

Firewall: NAT: Outbound: Edit:
  Do not NAT: unchecked
  Interface: LAN
  Protocol: ANY
  Source:Type: ANY
  Source:Source port: [blank]
  Destination: Type: Network
  Destination: Address: HostIP/32
  Destination: Destination port: [blank]
  Translation: Address: Interface Address
  Translation: Port: [blank]

And it works.

> pfSense and the host will know the route back, as it is on the
> link-local subnet. Any logs or other permission logic that tries to
> distinguish between client-ip's will be useless though..

Thanks, later that host will be configured to handle sticky routes.

http://www.linuxjournal.com/article/7291?page=0,0

-Jason

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
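
One way a Linux host can return replies through the gateway a connection arrived on, so that the forwarded SSH traffic keeps its real client IPs in the host's logs instead of all appearing to come from the pfSense LAN address: mark connections whose first packet arrives from the pfSense LAN MAC, then route marked replies through a separate table. This is an added example, not taken from the thread or the linked article. The interface name, MAC address, mark value and table number are assumptions; the addresses are the ones used in Chris's reply.

```shell
#!/bin/sh
# Added example: route replies back via pfSense for connections it forwarded.
# Assumed values (not from the thread): IFACE, PF_MAC, MARK, TABLE.
IFACE="${IFACE:-eth0}"
PF_GW="${PF_GW:-192.168.0.254}"         # pfSense LAN address used in the thread
LAN_NET="${LAN_NET:-192.168.0.0/24}"    # LAN subnet implied by the thread's addresses
PF_MAC="${PF_MAC:-02:00:00:00:00:fe}"   # constructed placeholder for the pfSense LAN MAC
MARK="${MARK:-0x1}"
TABLE="${TABLE:-100}"

# Reject anything that is not a colon-separated 48-bit MAC address.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the commands, one per line, so they can be reviewed before running.
sticky_route_cmds() {
    valid_mac "$PF_MAC" || { echo "invalid PF_MAC: $PF_MAC" >&2; return 1; }
    cat <<EOF
ip route replace $LAN_NET dev $IFACE table $TABLE
ip route replace default via $PF_GW dev $IFACE table $TABLE
ip rule add fwmark $MARK lookup $TABLE
iptables -t mangle -A PREROUTING -i $IFACE -m mac --mac-source $PF_MAC -m conntrack --ctstate NEW -j CONNMARK --set-mark $MARK
iptables -t mangle -A OUTPUT -m connmark --mark $MARK -j CONNMARK --restore-mark
EOF
}

# Only change the system when explicitly asked (needs root).
if [ "${APPLY:-0}" = 1 ]; then
    cmds=$(sticky_route_cmds) || exit 1
    printf '%s\n' "$cmds" | sh -e
fi
```

Run as is, it changes nothing; call `sticky_route_cmds` to print the commands for review, or set `APPLY=1` as root to execute them. With this in place the outbound NAT rule on the LAN interface is no longer needed for the replies to find their way back.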
