Author Topic: Feature / 'bug fix' request - SSH Bind to Lan  (Read 1638 times)

Offline Sn3ak

Feature / 'bug fix' request - SSH Bind to Lan
« on: September 21, 2009, 04:24:11 pm »
Hey guys,

I know this is rather late in the release cycle, but I just started testing 1.2.3 and found a problem with the jail package.
(Actually found a few, will be submitting the patches hopefully this evening.. but this is more host related)

Once you create a jail, you can't actually access it via ssh, as the host (pfsense) listens on all IPs for ssh connections.

Would it be possible to add a bind-to-LAN-IP option to the ssh service, much like the snmpd daemon, and hopefully get it into this release?

The following added to /etc/sshd appears to work for me; obviously, this would need some GUI modifications as well.
Otherwise some more work needs to be done on the jail package, to start ssh on another port?!?

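Code:
                // Bind sshd to the LAN address only when the proposed 'bindlan' option is set
                if (isset($config['ssh']['bindlan'])) {
                        $bind_to_ip = $config['interfaces']['lan']['ipaddr'];
                } else {
                        $bind_to_ip = "";
                }

                // Emit the directive only when there is an address to bind to
                if ($bind_to_ip != "") {
                        $sshconf .= "ListenAddress " . $bind_to_ip . "\n";
                }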

Of course, depending on the uses of the jail(s), dnsmasq and lighttpd would need to be modified as well.. but for now, ssh is the killer.

If you don't want to do this, please do let me know, and I will work up another patch to put the jail's ssh on another port..
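
A check for the condition described in the post, added here as an example (it is not part of the original post or of the pfSense code base): it reads an sshd_config, reports whether sshd listens on every address or only on the listed ones, and tests whether a given address such as a jail's is left free. The function names, addresses and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not pfSense code. Reads an sshd_config (file argument or
# stdin) and prints "wildcard" if sshd would listen on every address,
# otherwise the specific addresses it binds to, one per line.
sshd_listen_scope() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    {
        sub(/[ \t]*=[ \t]*/, " ")              # accept "Keyword=value"
        if (tolower($1) != "listenaddress") next
        a = $2
        if (a ~ /^\[/) {                       # [addr]:port
            sub(/^\[/, "", a); sub(/\].*$/, "", a)
        } else if (gsub(/:/, ":", a) == 1) {   # host:port or IPv4:port
            sub(/:.*$/, "", a)
        }
        if (a == "0.0.0.0" || a == "::") wild = 1
        else addrs[++n] = a
    }
    END {
        # No ListenAddress at all means sshd listens on all local addresses
        if (n == 0 || wild) { print "wildcard"; exit }
        for (i = 1; i <= n; i++) print addrs[i]
    }' "$@"
}

# Succeeds (exit 0) only if the host sshd does not claim address $1.
# $2 is the sshd_config path; omit it to read the config from stdin.
sshd_leaves_free() {
    ip=$1; shift
    scope=$(sshd_listen_scope "$@") || return 2
    [ "$scope" != "wildcard" ] || return 1
    ! printf '%s\n' "$scope" | grep -Fxq -- "$ip"
}

# Constructed sample data: LAN 192.168.1.1, jail 192.168.1.50
DEFAULT_CONF='Port 22
PermitRootLogin yes'
BOUND_CONF='Port 22
listenaddress 192.168.1.1:22'

printf '%s\n' "$DEFAULT_CONF" | sshd_leaves_free 192.168.1.50 \
    || echo "default config: host sshd also answers on the jail address"
printf '%s\n' "$BOUND_CONF" | sshd_leaves_free 192.168.1.50 \
    && echo "bound config: jail address is left free"
```

A commented-out `#ListenAddress` line counts as absent, so a config that only looks restricted is still reported as `wildcard`.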