SSH hangs
-
Hi all:
Total newbie here. I just set up my xubuntu server with ssh daemon running. When I try to do local ssh access, it works fine. I tried it on both pfSense 2.0.2, and 2.0.3.
$ ssh -vvv 192.168.1.2
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /Users/username/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 53: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.2 [192.168.1.2] port 22.
debug1: Connection established.
…
Then I set up NAT port forward from WAN:22 to 192.168.1.2:22. Since I also have DDNS set, I tried to ssh from outside, it works fine as well. (Suppose it is home.dyndns.org)
user@somewhereelse $ ssh -vvv home.dyndns.org
debug1: Reading configuration data /home/…/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to home.dyndns.org [1.2.3.4] port 22.
debug1: Connection established.
…
Then, I tried to ssh from LAN, with DDNS address. It hangs until timeout…
$ ssh -vvv home.dyndns.org
debug1: Reading configuration data /Users/username/.ssh/config
debug1: /Users/username/.ssh/config line 9: Applying options for home
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 53: Applying options for *
debug1: Connecting to home.dyndns.org [1.2.3.4] port 22.
debug1: connect to address 1.2.3.4 port 22: Operation timed out
ssh: connect to host home.dyndns.org port 22: Operation timed out
I have checked my sshd log, this time sshd has not received any packet from pfSense box.
I suppose I did not set my pfSense properly. Any help would be appreciated!
Thanks!
EDIT: SOLVED
Make sure system->advanced->firewall/nat->Disable NAT reflection for port forwards is not enabled.
Thanks for all your help!
-
Your ssh access to home.dyndns.org from the LAN resolves to the public IP address. That SSH attempt does not arrive on the WAN interface hence your port forward on the WAN interface doesn't apply.
If your pfSense has DNS forwarder enabled you could fix this problem by using a host override in the DNS forwarder so LAN clients resolve home.dyndns.org to the private IP address.
-
Hi:
I tried adding an entry in the Host Overrides, with Domain: home.dyndns.org, IP: 192.168.1.2, and rebooted, but it does not seem to work. Can you point me to some direction so that I can further research this problem?
On a side note, when I type
$ ping home.dyndns.org
PING home.dyndns.org (1.2.3.4): 56 data bytes
64 bytes from 1.2.3.4: icmp_seq=0 ttl=64 time=1.054 ms
64 bytes from 1.2.3.4: icmp_seq=1 ttl=64 time=2.826 ms
…as normal, however, when I try to resolve locally:
$ whois home.dyndns.org
NOT FOUND
Is this the same issue? I'm not quite experienced in this area.
Thanks for your help.
-
Make sure the NAT Reflection rules are not disabled in the pfSense config (System --> Advanced --> Firewall/NAT, then bottom section on page)
-
That does the trick. Thanks for helping!
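-
Added example, not part of the original thread: a small check a LAN client can run to tell which of the two fixes discussed above (DNS host override or NAT reflection) is actually in effect. The function names and the 192.168.1.0/24 LAN range are assumptions; the hostname and addresses are the ones used in the thread.

```python
import ipaddress
import socket

SPLIT_DNS = "name resolves inside the LAN: host override in effect"
SPLIT_DNS_DOWN = "name resolves inside the LAN, but the server does not answer"
REFLECTED = "public address answers from the LAN: NAT reflection is working"
NOT_REFLECTED = "public address times out from the LAN: consistent with NAT reflection disabled"

def resolve_ipv4(name):
    """IPv4 addresses the local resolver returns for name."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def tcp_reachable(addr, port, timeout=5.0):
    """True if a TCP handshake to addr:port completes within timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:  # covers timeouts, refusals and unreachable networks
        return False

def diagnose(name, lan_cidr, port=22, resolve=resolve_ipv4, probe=tcp_reachable):
    """Classify each address name resolves to, as seen from a LAN client."""
    lan = ipaddress.ip_network(lan_cidr)
    findings = []
    for addr in resolve(name):
        inside = ipaddress.ip_address(addr) in lan
        answers = probe(addr, port)
        if inside:
            verdict = SPLIT_DNS if answers else SPLIT_DNS_DOWN
        else:
            verdict = REFLECTED if answers else NOT_REFLECTED
        findings.append((addr, verdict))
    return findings

if __name__ == "__main__":
    # Constructed stand-ins for the thread's failing case so the demo runs
    # offline; drop both keyword arguments to query the real resolver and network.
    for addr, verdict in diagnose(
        "home.dyndns.org", "192.168.1.0/24",   # /24 is an assumption
        resolve=lambda name: ["1.2.3.4"],
        probe=lambda addr, port: False,
    ):
        print(f"{addr}: {verdict}")
```

A timeout on the public address only shows that the hairpin path is not working; a firewall rule blocking the reflected traffic produces the same result.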