Firewall Configuration with new change
-
You be better off setting up Pfsense as the one with the WAN Nic, then using VM internal NICs for your servers on the LAN of Pfsense off of that.
-
@thanksajdotcom said:
Ok, is the purpose of the firewall supposed to be for setting up a site-to-site VPN? That's what it sounds like to me.
Oh this is going to get confusing very quickly. I don't see anything that suggests this. What part of his description made you feel that he wanted this?
-
@thanksajdotcom This firewall is just to access the LAN from WAN to connect SSH ports
-
Also, this is relatively complicated, because of technical reasons I'm not going to go into to save on confusion, but you cannot "open" a port on a firewall like this. You have to "port forward". So you have to know the IP Address to which you want Port 22 (SSH) to be forwarded. Only one machine on the LAN can have SSH accessed from the WAN.
-
@Lakshmana said:
@thanksajdotcom This firewall is just to access the LAN from WAN to connect SSH ports
@scottalanmiller said:
@thanksajdotcom said:
Ok, is the purpose of the firewall supposed to be for setting up a site-to-site VPN? That's what it sounds like to me.
Oh this is going to get confusing very quickly. I don't see anything that suggests this. What part of his description made you feel that he wanted this?
His diagram. It looks like he's trying to connect to other workstations.
-
@scottalanmiller said:
Also, this is relatively complicated, because of technical reasons I'm not going to go into to save on confusion, but you cannot "open" a port on a firewall like this. You have to "port forward". So you have to know the IP Address to which you want Port 22 (SSH) to be forwarded. Only one machine on the LAN can have SSH accessed from the WAN.
Dang it you beat me to it.
-
@Lakshmana said:
@thanksajdotcom This firewall is just to access the LAN from WAN to connect SSH ports
SSH is open by default. I'm not sure what you mean access LAN from WAN unless you mean SSH tunneling?
-
@scottalanmiller is right. You need to forward external port 22 to internal port 22 on a specific IP. That is totally different and a firewall and every router pretty much in existence can do a basic port forward.
-
@scottalanmiller said:
Also, this is relatively complicated, because of technical reasons I'm not going to go into to save on confusion, but you cannot "open" a port on a firewall like this. You have to "port forward". So you have to know the IP Address to which you want Port 22 (SSH) to be forwarded. Only one machine on the LAN can have SSH accessed from the WAN.
On port 22.
-
@thecreativeone91 said:
@Lakshmana said:
@thanksajdotcom This firewall is just to access the LAN from WAN to connect SSH ports
SSH is open by default. I'm not sure what you mean access LAN from WAN unless you mean SSH tunneling?
Port forwarding.
-
@Dashrender said:
@scottalanmiller said:
Also, this is relatively complicated, because of technical reasons I'm not going to go into to save on confusion, but you cannot "open" a port on a firewall like this. You have to "port forward". So you have to know the IP Address to which you want Port 22 (SSH) to be forwarded. Only one machine on the LAN can have SSH accessed from the WAN.
On port 22.
Right. You can forward different external ports to internal port 22 on different IPs. That's another way to do it.
-
-
@thanksajdotcom said:
@Dashrender said:
@scottalanmiller said:
Also, this is relatively complicated, because of technical reasons I'm not going to go into to save on confusion, but you cannot "open" a port on a firewall like this. You have to "port forward". So you have to know the IP Address to which you want Port 22 (SSH) to be forwarded. Only one machine on the LAN can have SSH accessed from the WAN.
On port 22.
Right. You can forward different external ports to internal port 22 on different IPs. That's another way to do it.
Too much work. Too much to keep track of.
-
@Lakshmana Why don't you use the wan IP of the CentOS box to SSH into then SSH from that to the LAN machines?
-
@thecreativeone91 If this is possible to do?
-
@thanksajdotcom said:
Right. You can forward different external ports to internal port 22 on different IPs. That's another way to do it.
Don't keep adding new concepts. Let's stick just to getting through his one question. He's confused enough.
-
@Lakshmana said:
@thecreativeone91 If this is possible to do?
It's super easy. So much easier than port forwarding in the firewall. And far more useful.
-
@scottalanmiller Yes Scott I got somewhat confused
-
@scottalanmiller Can you explain Scott
-
Is there a reason that you are using CentOS for this? This is a rather complicated setup that a normal IT pro would not do. Normally you would simply install a firewall product like SmoothWall or pfSense and be done with it. Far easier AND more secure. You should be done in minutes and not need to learn anything new.