Port forwarding and WAN rules open a door
I have a little problem and do not know how to resolve it.
My internal network (LAN) uses public IP addresses. In my LAN, I have an SSH server (A) which I want to access from the Internet. However, I do not want to access it directly but through a server (B) I put in my DMZ (my goal is to use my LAN as if it used private IP addresses).
On the pfSense I added a port forward rule to redirect all traffic arriving on server B on port 22222 to my server A on port 22. The problem is that it works only if I add a WAN rule to allow all traffic from the Internet to server A on port 22. This rule opens a door and lets everybody access my server A directly on port 22 (so the port forwarding rule is useless).
How can I make a port forward rule without having to open all traffic on port 22?
A little diagram of what you're trying to achieve would help us to help you… Your story is a little confusing.
PC --------@Internet@ --------- (WAN) Pfsense (LAN = A.B.C.1) ---------- Server (A.B.C.35)
                                      (DMZ = A.B.D.1)
                                      Server Proxy (A.B.D.3)
A.B.C and A.B.D are public addresses.
I added a NAT rule which redirects all traffic to A.B.D.3 on port 22222 to the server A.B.C.35 on port 22. The server A.B.D.3 is never reached, which is not a problem; I just wanted to use its IP address (I just want this address to be visible from the Internet).
To make it work, I had to add a WAN rule to authorize traffic to the server A.B.C.35 on port 22.
Unfortunately, from my PC on the Internet, I can directly access server A.B.C.35 on port 22 (my WAN rule).
What are you trying to achieve exactly? What is your primary language? If it's French, go to the French section of the forum and I'll help you from there.
I'm French and I started a new topic in the French section of the forum.
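Why the WAN rule described in the first post also admits direct connections, as an added example that is not part of the thread: pf, the packet filter pfSense is built on, applies port-forward translation before the WAN rules are evaluated, so a rule keyed on A.B.C.35 port 22 sees forwarded and direct packets identically. The addresses are documentation-range stand-ins, the tag check is modelled on pf's `tag`/`tagged` keywords, and the names `FWD_SSH`, `wan_allows` and the rule layout are assumptions of this sketch.

```python
# Constructed model of pf's order of operations: rdr translation first, filter second.
from dataclasses import dataclass, replace
from typing import Optional

SERVER_A = "198.51.100.35"  # stand-in for A.B.C.35 (SSH server on the LAN)
PROXY_B = "203.0.113.3"     # stand-in for A.B.D.3 (address exposed in the DMZ)

@dataclass(frozen=True)
class Packet:
    dst: str
    dport: int
    tag: Optional[str] = None

# Port forward B:22222 -> A:22; the tag marks packets that were translated.
RDR = [((PROXY_B, 22222), (SERVER_A, 22), "FWD_SSH")]

def translate(pkt):
    """Rewrite the destination if a port forward matches, as pf does before filtering."""
    for match, target, tag in RDR:
        if (pkt.dst, pkt.dport) == match:
            return replace(pkt, dst=target[0], dport=target[1], tag=tag)
    return pkt

def wan_allows(pkt, rules):
    """Evaluate WAN pass rules against the translated packet; default deny."""
    seen = translate(pkt)
    for rule in rules:
        if (seen.dst, seen.dport) != (rule["dst"], rule["dport"]):
            continue
        if "tagged" in rule and seen.tag != rule["tagged"]:
            continue
        return True
    return False

# The rule from the thread: pass anything whose destination is A:22.
BY_DESTINATION = [{"dst": SERVER_A, "dport": 22}]
# Hypothetical variant: pass A:22 only for packets the port forward tagged.
BY_TAG = [{"dst": SERVER_A, "dport": 22, "tagged": "FWD_SSH"}]

FORWARDED = Packet(PROXY_B, 22222)  # Internet client using the forwarded port
DIRECT = Packet(SERVER_A, 22)       # Internet client connecting straight to A

def outcomes(rules):
    return {"forwarded": wan_allows(FORWARDED, rules),
            "direct": wan_allows(DIRECT, rules)}

if __name__ == "__main__":
    print("no WAN rule    :", outcomes([]))
    print("by destination :", outcomes(BY_DESTINATION))
    print("by tag         :", outcomes(BY_TAG))
```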