Date: Mon, 21 Sep 2020 06:40:53 +0000
From: Grzegorz Junka <list1@gjunka.com>
To: Doug Hardie <bc979@lafn.org>
Cc: freebsd-net@freebsd.org
Subject: Re: sshd on two fibs
Message-ID: <4cdc586c-2fc7-e1e2-8b9d-d9ded7e6a417@gjunka.com>
In-Reply-To: <4D284B7B-F894-46EF-997E-2446117585B7@mail.sermon-archive.info>
References: <48e3aa5d-3123-45f2-5c46-6851ad90110a@gjunka.com> <4D284B7B-F894-46EF-997E-2446117585B7@mail.sermon-archive.info>
On 21/09/2020 00:35, Doug Hardie wrote:
>> On 20 September 2020, at 16:20, Grzegorz Junka <list1@gjunka.com> wrote:
>>
>> I have two WANs and a server with two interfaces, each interface reaching a different WAN. The server is configured with two routing tables, fib0 and fib1, one per the corresponding interface.
>>
>> I would like sshd to listen on both interfaces but on different fibs, so that returning packets are sent to the proper gateway. Can I do it with one sshd? Do I need to run two separate sshd's? Can I run two separate sshd's on the same box?
>
> I have sshd running on two interfaces by using pf to handle the situation. /etc/rc.conf contains
> sshd_enable="YES"
>
>
> pf.conf contains
> ext_if = "em0"
> back_if = "em1"
> set skip on lo0
> SSH = "nn"
> pass in all
> pass out all
> pass in log on $back_if proto tcp from any to any port $SSH
> pass in log on $back_if reply-to ($back_if 192.168.1.254) proto tcp from any to any port $SSH keep state
>
>
> where:
> nn is the non-standard port I use for ssh
> 192.168.1.254 is the router for the second interface.
>
> I don't use fibs at all for this, although I do have them set up for when I want to check out the second port connections.

Thanks for your response. I don't use fibs to handle this. I have fibs configured for jails and because of that I already have the proper gateways configured there, so I thought I can reuse them. The pf solution is of course good but this is not a public facing server and I don't have pf set up on it. Which is not a big problem, just wondering if pf is the right solution to handle this?