@adminproconer said in Firewall rule problems. (Client-to-client forward):

Where should I start troubleshooting the issue?

With the network settings and firewall config of the concerned device.

Ensure that all devices in both subnets use pfSense as gateway.

If you can access a device from within it's own subnet, but not from another network segment check its firewall and ensure that it allows access from outside.

@stephenw10 said in [WORKAROUND] Unable to update and package install (ERROR: It was not possible to identify which pfSense kernel is installed):

This?

SSH KeyGen pfSense has started creating missing SSH keys. SSH Startup will be delayed. Please note that reloading the filter rules and changes will be delayed until this operation is completed. @ 2022-05-01 12:55:10

That's normal whenever new keys are created. Which until 22.01/2.6 was every install or config reset.

Steve

Thank You, Steve!

@ptt and @johnpoz

It worked. Thanks so much for all your help

@samto I found a root cause of the problem. It is well described here: https://www.everythingcli.org/ssh-tunnelling-for-fun-and-profit-tunnel-options/

So, the combination ssh -f -T -N -R works fine

@ibbetsion said in sshguard complaining about an attack from the pfSense system itself?:

192.168.1.2 is assigned IP of the pfSense firewall from my ISP router. It is the only device connected to the ISP router

This is a WAN interface ...

192.168.7.1 is the IP of the pfSense firewall itself (WAN1)

Another WAN interface ...

192.168.5.2 is the assigned IP of the second WAN port on the pfSense firewall (WAN2)

And another WAN interface ...

No LAN(s) ?

Remove all rules on all WAN interfaces.
The default action will be block all (DROP) - so sshguard won't be bothered again.

@kom

The first link I glanced over before but I can now access the web server both on the WAN and LAN. I'm even able to ssh to it from LAN to OPT1. I don't remember if it was one of the videos you linked or some random third video but I didn't understand that request get sent out on a random port. So those source ports would have never worked. Sorry for not understanding that sooner.

Thank you for the references and your time.

@jimp Thank you! It worked.