Port forwarding and WAN rules open a door
-
Hello everybody,
I have a little problem and do not know how to resolve it.
My internal network (LAN) uses public IP addresses. In my LAN, I have an SSH server (A) which I want to access from the Internet. However, I do not want to access it directly but through a server (B) I put in my DMZ (my goal is to use my LAN as if it used private IP addresses).
On the pfSense I added a port forward rule to redirect all traffic arriving on server B on port 22222 to my server A on port 22. The problem is that it works only if I add a WAN rule to allow all traffic from the Internet to server A on port 22. This rule opens a door and lets everybody access my server A directly on port 22 (so the port forwarding rule is useless).
How can I make a port forward rule without having to open all traffic on port 22?
Cordially.
Matthieu MARC
-
A little diagram of what you're trying to achieve would help us to help you… Your story is a little confusing.
-
PC -------- @Internet@ --------- (WAN) Pfsense (LAN = A.B.C.1) ---------- Server (A.B.C.35)
                                          |
                                   (DMZ = A.B.D.1)
                                          |
                                 Server Proxy (A.B.D.3)

A.B.C and A.B.D are public addresses.
I added a NAT rule which redirects all traffic to A.B.D.3 on port 22222 to the server A.B.C.35 on port 22. The server A.B.D.3 is never reached; that is not a problem, I just wanted to use its IP address (I just want this address to be visible from the Internet).
To make it work, I had to add a WAN rule to authorize traffic to the server A.B.C.35 on port 22.
Unfortunately, from my PC on the Internet, I can directly access server A.B.C.35 on port 22 (my WAN rule).
-
What are you trying to achieve exactly? What is your primary language? If it's French, get into the French section of the forum and I'll help you from there.
MageMinds
-
I'm French and I started a new topic in the French section of the forum.
http://forum.pfsense.org/index.php/topic,11104.0.html