Could not SSH from WAN
-
Yeah, it takes about 30 seconds to configure. Assuming you actually are testing from WAN (and not using your WAN IP from LAN), see firewall logs.
-
Post screenshots of your WAN firewall rules and your port-forward NAT rules.
-
"This confirms the issue to be with the firewall settings."
Or it could be firewall on the NAS that only allows access from local network.
Lets see your port forward, lets see your firewall rules.
This is in reality 10 seconds to configure. Port forward to your private IP = done, it will by default create the wan rule for you.
Go to canyouseeme org and test it. If doesn't work then use the port forwarding troubleshooting doc https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
-
I had this SSH setup using D-Link firewall before replacing. With pfSense I spent 2 days without success..
Dude, there are worlds between them!
-
Thanks for all the reply.
I use a remote server to test SSH. Last night I got it working by changing "Destination port range" to SSH and "Redirect target port" to 700. I logged in using port 22 from the remote server.
Previously I had the "Destination port range" to 700 and tried to ssh -p 700 from the server. According to the documents this should have worked fine but I have no idea why pfSense will not forward port 700 or any other ports I tried before.
Is this a bug?
-
Redirect Target Port: The internal port where this traffic will be forwarded, and is usually the same as the external port as defined in Destination port range. If multiple ports in a range are used for the Destination port range, this is the starting port of the range as it must be the same size range.
https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense%3F
-
Thanks for all the reply.
I use a remote server to test SSH. Last night I got it working by changing "Destination port range" to SSH and "Redirect target port" to 700. I logged in using port 22 from the remote server.
Previously I had the "Destination port range" to 700 and tried to ssh -p 700 from the server. According to the documents this should have worked fine but I have no idea why pfSense will not forward port 700 or any other ports I tried before.
Is this a bug?
No. It works for everybody but you.
If you would rather use 700 than 22, put it back, confirm it doesn't work as you're expecting, and post what you did.
-
Bunch of rsync jobs are queued from the server to NAS. When its done I'll replace Destination port range to 700 and ssh -p 700 from the server and update the findings.
But that's how I was trying before… using same Destination & Redirect Target Port
-
Hmm, but rsync uses 873/TCP. Plus, when using rsync over SSH, SSH needs to be actually running on the port you are trying to use. Sigh, no idea what are you trying to do.
-
my files are getting backed up without errors. coming through port 22 forwarded to 700
-
Wonderful. You just told us it doesn't work in the first post. Well, good luck.
-
Yeah. I rsync over SSH to my NAS all the time. All on ports other than 22:
WAN:8022 -> 192.168.1.100:22
WAN:8023 -> 192.168.1.101:22
WAN:8024 -> 192.168.1.102:22
etc
etc