
    Forwarding SSH requests….

      Allanon

      Well no, I didn't.. I'm not trying to hit SSH on the pfSense.. just the Untangle box that's in bridge mode behind the pf.

        AhnHEL

        @Allanon:

        yes i do… a much higher port than 22 though  ;D

        In your pics, you are still using the standard port 22 in your settings

        AhnHEL (Angel)

          GruensFroeschli

          allanon is not trying to SSH into pfSense…
          but into his untangle box.
          SSH on pfSense is NOT on port 22.

          do you have the possibility to set the port on your untangle box?
          if yes you could try another port.

          if not: you could try to change the NAT-rule on pfSense so that it forwards a different external port (maybe 222 ?) to 22.
          maybe that works.

          We do what we must, because we can.

          Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

            Allanon

            Yes I can.. however when I had the port on the Untangle box set to 22223 via sshd_config I was no longer able to hit SSH from the LAN side.  So I changed it back to 22.  I mean the rules look valid to me.. and NAT created them automatically so I don't really understand why I cannot hit it from the outside (WAN) side.

              jan.gestre

              I'm also experiencing a similar problem. I've enabled ssh on pfsense port 5678, the DMZ servers I'm connecting to are using port 5678 too. I was able to log on to pfsense in our LAN but can't ssh to the DMZ servers if port 5678 is used, however if I changed the DMZ server's ssh port from 5678 to 22, I have no problem connecting. Also I can't ssh to pfsense remotely, I don't know what's wrong with the rules because I can access the pfsense gui remotely. Do I need additional rules to connect to pfsense then to the DMZ servers?

                jan.gestre

                Solved my problem by creating a firewall rule to allow SSH to pfSense from a certain IP address. I can now SSH to pfSense then to the servers, but I think it's not the same as what the OP wants.

                  Cry Havok

                  Quickly reading through the thread, the OP's problem was that they had SSH running internally on 22223/tcp but were forwarding incoming SSH packets to the default port (22/tcp).  That'll never work ;)

                    Allanon

                    No, actually that's not what I'm trying to do.. maybe a picture will help  ;)

                    So I'm trying essentially to access my Untangle box, which is performing Spam, Phish, AV filtering, via SSH.  I do not even know if SSH or remote administration is enabled on my pfSense box.  I went through NAT, created rules forwarding packets inbound for SSH and forwarding them to port 22223 on the Untangle box (192.168.15.2).

                      Cry Havok

                      That's what I thought.

                        jahonix

                        And if you rearrange the drawing a bit you'll see:

                                ┌─────────┐               ┌──────────┐         ┌────────┐
                        --WAN---┤ pfSense ├--LAN---(WAN)--┤ untangle ├--(LAN)--┤ switch ├--(local subnet)-...
                                └─────────┘               └──────────┘         └────────┘

                        You said you can reach the Untangle box's SSH port from local subnet side.
                        Are you sure it is reachable from its WAN side (or whatever it's called) as well? This would explain your problems at least.
                        But to be honest I don't know a thing about an 'Untangle' box so maybe I am totally off track.

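Added example (not part of the thread, and not pfSense or Untangle code): Cry Havok's post describes a forward whose target port differs from the port sshd listens on, and jahonix asks whether sshd is reachable on the side the forward arrives at. The Python below checks both conditions against the target's sshd_config; the helper names and sample configs are constructed, and a host firewall on the target is outside what it checks.

```python
# Added example; helper names and sample configs are constructed.
WILDCARDS = {"0.0.0.0", "::", "*"}

def split_listen(value):
    """Split a ListenAddress value into (host, port or None)."""
    if value.startswith("["):                 # [host]:port
        host, _, rest = value[1:].partition("]")
        port = rest.lstrip(":")
    elif value.count(":") == 1:               # host:port or IPv4:port
        host, port = value.split(":")
    else:                                     # bare host or bare IPv6
        host, port = value, ""
    return host, (int(port) if port else None)

def sshd_sockets(config_text):
    """Return the (address, port) pairs sshd_config asks sshd to bind."""
    ports, listens = [], []
    for raw in config_text.splitlines():
        words = raw.replace("=", " ", 1).split()
        if len(words) < 2 or words[0].startswith("#"):
            continue
        key = words[0].lower()
        if key == "port":
            ports.append(int(words[1]))
        elif key == "listenaddress":
            listens.append(split_listen(words[1]))
    ports = ports or [22]                     # sshd default when no Port line
    if not listens:                           # no ListenAddress: all addresses
        return {("*", p) for p in ports}
    socks = set()
    for host, port in listens:
        host = "*" if host in WILDCARDS else host
        for p in ([port] if port else ports):
            socks.add((host, p))
    return socks

def check_forward(target_ip, target_port, config_text):
    """Classify a NAT forward target against what sshd actually binds."""
    socks = sshd_sockets(config_text)
    if (target_ip, target_port) in socks or ("*", target_port) in socks:
        return "ok"
    if any(p == target_port for _, p in socks):
        return "wrong-address"                # port matches, bound elsewhere
    return "wrong-port"                       # nothing listens on that port

# Constructed sshd_config samples for the target 192.168.15.2.
CFG_DEFAULT = "#Port 22\nPermitRootLogin no\n"
CFG_MOVED = "Port 22223\n"
CFG_BOUND = "Port 22\nListenAddress 192.168.15.10\n"
```

With CFG_DEFAULT, a forward to 192.168.15.2:22223 is reported as wrong-port, and with CFG_MOVED a forward to port 22 is reported the same way; CFG_BOUND shows the port matching while sshd is bound to a different address.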