Port forwarding and Wan rules open a door

  • Hello everybody,

    I have a little problem and does not know how to resolv it.

    My internal network (LAN) use public ip addresses. In my LAN, I have an SSH server (A) which I want to access from Internet. But, I want not to access it directly but through a server  (B) I put in my DMZ (my goal is to use my LAN as if  it used private ip addresses).

    On the pfsense I added a port forward rule to redirect all traffic arriving on server B on port 22222 to my server A on port 22. The problem is that it is working only if I add a WAN rule to access all traffic from internet to server A on port 22. This rule open a door and let everybody accessing directly on my server A on port 22 (so the port forwarding rule is useless).

    How can I do a port forward rule without having open all traffic on port 22 ?


    Matthieu MARC

  • A little diagram of what you're trying to achieve would help us to help you… Your story is a little confusing.

  • PC –------@Internet@ --------- (WAN) Pfsense (LAN = A.B.C.1) ---------- Server (A.B.C.35)
                                                            (DMZ = A.B.D.1)
                                                            Server Proxy (A.B.D.3)

    A.B.C and A.B.D are public addresses.

    I added a nat rule which redirect all traffic to A.B.D.3 on port 22222 to the server A.B.C.35 on port 22. The server A.B.D.3 is never joined, it is not a problem, I just wanted to use his IP address (I just want this address to be visibled from Internet).

    To make it working, I had to add a WAN rule to authorize traffic to the server A.B.C.35 on port 22.

    Unfortunalty, from my PC on Internet, I can access directly to server A.B.C.35 on port 22 (my WAN rule).

  • What are you trying to achieve exactly? What is your primary language, if it's french get into the french section of the forum and I'll help you from there.


  • I'm french and I started a new topic into the french section of the forum.


Log in to reply