sshd on two fibs

Grzegorz Junka list1 at gjunka.com
Mon Sep 21 06:40:56 UTC 2020


On 21/09/2020 00:35, Doug Hardie wrote:
>> On 20 September 2020, at 16:20, Grzegorz Junka <list1 at gjunka.com> wrote:
>>
>> I have two WANs and a server with two interfaces, each interface reaching a different WAN. The server is configured with two routing tables, fib0 and fib1, one per corresponding interface.
>>
>> I would like sshd to listen on both interfaces but on different fibs, so that returning packets are sent to the proper gateway. Can I do it with one sshd? Do I need to run two separate sshd's? Can I run two separate sshd's on the same box?
>
> I have sshd running on two interfaces by using pf to handle the situation.  /etc/rc.conf contains
> 	sshd_enable="YES"
>
>
> pf.conf contains
> 	ext_if = "em0"
> 	back_if = "em1"
> 	set skip on lo0
> 	SSH = "nn"
> 	pass in all
> 	pass out all
> 	pass in log on $back_if proto tcp from any to any port $SSH 	
> 	pass in log on $back_if reply-to ($back_if 192.168.1.254) proto tcp from any to any port $SSH keep state
>
>
> where:
> 	nn is the non-standard port I use for ssh
> 	192.168.1.254 is the router for the second interface.
>
> I don't use fibs at all for this, although I do have them set up for when I want to check out the second port connections.

Thanks for your response. I don't use fibs to handle this. I have fibs 
configured for jails and because of that I already have the proper 
gateways configured there, so I thought I could reuse them. The pf solution is 
of course good but this is not a public facing server and I don't have 
pf set up on it. Which is not a big problem, just wondering if pf is the 
right solution to handle this?




More information about the freebsd-net mailing list