Date: Sun, 20 Sep 2020 17:35:42 -0700
From: Doug Hardie <bc979@lafn.org>
To: Grzegorz Junka <list1@gjunka.com>
Cc: freebsd-net@freebsd.org
Subject: Re: sshd on two fibs
Message-ID: <4D284B7B-F894-46EF-997E-2446117585B7@mail.sermon-archive.info>
In-Reply-To: <48e3aa5d-3123-45f2-5c46-6851ad90110a@gjunka.com>
References: <48e3aa5d-3123-45f2-5c46-6851ad90110a@gjunka.com>

> On 20 September 2020, at 16:20, Grzegorz Junka <list1@gjunka.com> wrote:
>
> I have two WANs and a server with two interfaces, each interface reaching a different WAN. The server is configured with two routing tables, fib0 and fib1, one per the corresponding interface.
>
> I would like sshd to listen on both interfaces but on different fibs, so that returning packets are sent to the proper gateway. Can I do it with one sshd? Do I need to run two separate sshd's? Can I run two separate sshd's on the same box?

I have sshd running on two interfaces by using pf to handle the situation.

/etc/rc.conf contains

    sshd_enable="YES"

pf.conf contains

    ext_if = "em0"
    back_if = "em1"
    set skip on lo0
    SSH = "nn"
    pass in all
    pass out all
    pass in log on $back_if proto tcp from any to any port $SSH
    pass in log on $back_if reply-to ($back_if 192.168.1.254) proto tcp from any to any port $SSH keep state

where:
    nn is the non-standard port I use for ssh
    192.168.1.254 is the router for the second interface.

I don't use fibs at all for this, although I do have them set up for when I want to check out the second port connections.

-- Doug
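
A default-deny variant of the same reply-to approach, as an added example that is not part of the original message. It assumes the interface names and gateway from the message, a constructed port 2222 standing in for "nn", and that ssh is the only service admitted inbound.

```pf
# Added example, not from the original message.
ext_if   = "em0"
back_if  = "em1"
back_gw  = "192.168.1.254"   # router for the second interface (from the message)
ssh_port = "2222"            # constructed placeholder for the non-standard port "nn"

set skip on lo0

# Assumption: drop and log anything inbound that is not explicitly passed,
# instead of the message's "pass in all".
block in log all
pass out all keep state

# First WAN: replies leave through the default route, so no route option is needed.
pass in log on $ext_if proto tcp from any to ($ext_if) port $ssh_port keep state

# Second WAN: reply-to pins the return traffic of each state to the second
# router, whatever the default route in the routing table says.
pass in log on $back_if reply-to ($back_if $back_gw) proto tcp from any to ($back_if) port $ssh_port keep state
```

The ruleset can be parsed without being loaded by running `pfctl -nf /etc/pf.conf`.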