I have set up port forwarding rules on the firewall which map external ports to internal SSH ports. The SSH port forwarding rules are for systems running on different OSes, including CentOS 6, CentOS 7 and AlmaLinux 8.
When connecting from outside the network, I was expecting the SSH daemon to see the IP of the gateway, since it does port address translation and the source IP will be changed to the gateway's local IP.
However, it seems I get different results depending on the OS in my internal network.
On the CentOS 6 server, I get the connection as coming from the local IP of the gateway:
Mar 26 00:50:01 centos6 sshd[4993]: Accepted keyboard-interactive/pam for testuser from 192.168.1.1 port 1288 ssh2
On the CentOS 7 server, I get the connection as coming from the external source IP:
Mar 26 01:06:27 centos7 sshd[5975]: Accepted keyboard-interactive/pam for testuser from 118.110.11.110 port 1727 ssh2
On the AlmaLinux 8 server, I get the connection as coming from the external source IP:
Mar 26 01:08:58 almalinux-8 sshd[2728]: Accepted keyboard-interactive/pam for testuser from 118.110.11.110 port 2131 ssh2
I thought that when connecting externally to CentOS 7 and AlmaLinux 8 systems, it would always show as coming from the external source IP but this is not always the case.
Two of the customer sites I connected to which were on CentOS 7 had the IP as coming from the local gateway IP instead of the external source IP.
Why is it different for these two customers, while the rest are showing up as coming from external source IPs? I would prefer that the external source IP is always shown, as I would like to enforce MFA for external access and disable MFA from the local network.
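
An added example, not part of the original post: a check over the three sshd lines quoted above that reports which hosts see sessions with the gateway's address as the source. On those hosts a rule that skips MFA for the local network would also cover forwarded external logins. The 192.168.1.0/24 LAN range is an assumption; 192.168.1.1 is the gateway address from the CentOS 6 line.

```python
import ipaddress
import re

GATEWAY = ipaddress.ip_address("192.168.1.1")    # from the CentOS 6 log line
LAN = ipaddress.ip_network("192.168.1.0/24")     # assumed LAN range

# Matches the "Accepted ..." syslog lines in the format quoted in the post.
ACCEPTED = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)

# The three log lines from the post.
SAMPLE = [
    "Mar 26 00:50:01 centos6 sshd[4993]: Accepted keyboard-interactive/pam for testuser from 192.168.1.1 port 1288 ssh2",
    "Mar 26 01:06:27 centos7 sshd[5975]: Accepted keyboard-interactive/pam for testuser from 118.110.11.110 port 1727 ssh2",
    "Mar 26 01:08:58 almalinux-8 sshd[2728]: Accepted keyboard-interactive/pam for testuser from 118.110.11.110 port 2131 ssh2",
]

def classify(ip_text):
    """Label a source address as 'gateway', 'lan' or 'external'."""
    ip = ipaddress.ip_address(ip_text)
    if ip == GATEWAY:
        return "gateway"
    return "lan" if ip in LAN else "external"

def audit(lines):
    """Return {host: set of source classes} for accepted sshd logins."""
    seen = {}
    for line in lines:
        m = ACCEPTED.match(line)
        if not m:
            continue                      # not an "Accepted" line
        try:
            kind = classify(m["ip"])
        except ValueError:
            continue                      # source field is not an IP address
        seen.setdefault(m["host"], set()).add(kind)
    return seen

def hosts_seeing_gateway(lines):
    """Hosts where sshd logged the gateway itself as the client address.
    sshd there cannot tell a forwarded external session from a local one,
    so a LAN-wide MFA exemption would apply to both."""
    return sorted(h for h, kinds in audit(lines).items() if "gateway" in kinds)

if __name__ == "__main__":
    for host, kinds in audit(SAMPLE).items():
        print(host, sorted(kinds))
    print("gateway seen as source on:", hosts_seeing_gateway(SAMPLE))
```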