12-02-2019 04:57 AM
I recently switched to Verizon Fios GigE service from Cablevision. I do port forwarding to an internal machine for ssh (port 22). I have some rules based on failed login attempts to ban the IP (fail2ban software). Since I switched to FIOS, I can no longer use that, as Verizon does a NAT for incoming traffic as well and all of the traffic from outside seems to come from 192.168.1.1 (router IP). Ideally this should only be done for outgoing traffic, where the source IP gets replaced with the public IP, and not for incoming traffic. Is there a setting in the router that can fix this behavior?
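Added example, not part of the original post: a short Python check for the symptom described above. It tallies failed sshd logins per source address and reports whether every failure is attributed to the router, in which case a per-IP ban would fall on the gateway instead of the remote host. The log lines are constructed samples in OpenSSH's usual auth-log format, and the function names and the `maxretry` threshold of 3 are assumptions made for this illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in OpenSSH auth-log format (not from the post).
# Every connection appears to come from the router address 192.168.1.1.
SAMPLE_LOG = """\
Dec  2 04:41:10 host sshd[1201]: Failed password for invalid user admin from 192.168.1.1 port 51822 ssh2
Dec  2 04:41:14 host sshd[1201]: Failed password for root from 192.168.1.1 port 51830 ssh2
Dec  2 04:42:02 host sshd[1207]: Failed password for invalid user test from 192.168.1.1 port 51911 ssh2
Dec  2 04:43:40 host sshd[1215]: Accepted publickey for alice from 192.168.1.1 port 52004 ssh2
"""

# Matches failed password attempts and captures the logged source address.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def failed_sources(log_text):
    """Count failed password attempts per source IP address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            try:
                counts[ipaddress.ip_address(m.group(1))] += 1
            except ValueError:
                continue  # source logged as a hostname, not an address
    return counts

def source_nat_suspected(counts, gateway):
    """True when every failed login is attributed to the gateway address."""
    gw = ipaddress.ip_address(gateway)
    total = sum(counts.values())
    return total > 0 and counts.get(gw, 0) == total

def bannable(counts, gateway, maxretry=3):
    """Sources that reached the threshold, never including the gateway."""
    gw = ipaddress.ip_address(gateway)
    return sorted(str(ip) for ip, n in counts.items() if n >= maxretry and ip != gw)

if __name__ == "__main__":
    tally = failed_sources(SAMPLE_LOG)
    print("failures per source:", {str(ip): n for ip, n in tally.items()})
    print("inbound source NAT suspected:", source_nat_suspected(tally, "192.168.1.1"))
    print("addresses safe to ban:", bannable(tally, "192.168.1.1"))
```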
12-10-2019 06:07 PM
I'm surprised you're having this problem -- when I ssh into my servers from afar, the servers see me connecting from the remote host, not the router. And that, of course, is how things should be...
One of these servers is the DMZ host, and the other's ssh-port is reached via port-forwarding. For both of them connections look as one'd expect...