Date: Sun, 20 Sep 2020 17:35:42 -0700 From: Doug Hardie <bc979@lafn.org> To: Grzegorz Junka <list1@gjunka.com> Cc: freebsd-net@freebsd.org Subject: Re: sshd on two fibs Message-ID: <4D284B7B-F894-46EF-997E-2446117585B7@mail.sermon-archive.info> In-Reply-To: <48e3aa5d-3123-45f2-5c46-6851ad90110a@gjunka.com> References: <48e3aa5d-3123-45f2-5c46-6851ad90110a@gjunka.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 20 September 2020, at 16:20, Grzegorz Junka <list1@gjunka.com> wrote: > > I have two WANs and a server with two interfaces, each interface reaching different WAN. The server is configured with two routing tables, fib0 and fib1, one per the corresponding interface. > > I would like sshd to listen on both interfaces but on different fibs, so that returning packets are sent to the proper gateway. Can I do it with one sshd? Do I need to run two separate sshd's? Can I run two separate sshd's on the same box? I have sshd running on two interfaces by using pf to handle the situation. /etc/rc.conf contains sshd_enable="YES" pf.conf contains ext_if = "em0" back_if = "em1" set skip on lo0 SSH = "nn" pass in all pass out all pass in log on $back_if proto tcp from any to any port $SSH pass in log on $back_if reply-to ($back_if 192.168.1.254) proto tcp from any to any port $SSH keep state where: nn is the non-standard port I use for ssh 192.168.1.254 is the router for the second interface. I don't use fibs at all for this, although I do have them setup for when I want to check out the second port connections. -- Doug
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4D284B7B-F894-46EF-997E-2446117585B7>