Default deny rule IPv4 is blocking my LAN to my DynamicDNS
-
I have SSH with VNC set up to a Linux computer that's tucked away running some things. It works on the LAN, but I wanted access to it outside the LAN, so I set up dynamic DNS with FreeDNS (afraid.org). In pfSense under Dynamic DNS it successfully updates my IP address, so all seems to be well there.
I added a port forward with Filter rule association:
WAN, TCP, Source Address=, Source Ports=, Dest Address=WAN address, Dest Ports="My SSH PORT", NAT IP="MY LINUX LAN IP", NAT PORTS="MY SSH PORT"
When I attempt to connect to the dynamic DNS hostname via PuTTY or ping it from the LAN, it all times out and my firewall log is flooded with "Default Deny rule" blocks from the LAN IP I was trying to connect from to my WAN address.
I can ping from outside my own network, say my cellphone not on wifi. Something to note: the Linux computer and the computers I am connecting TO it from are both behind the same pfSense box, on different subnets & different physical interfaces.
What am I doing wrong?
-
"What am I doing wrong?"
Why would you be using the public IP from inside your network?? Pointless to do that. If you want to SSH to a box on another LAN segment, then use its private IP, or use a name that resolves to its internal name, and create firewall rules between your segments to allow that.
-
Well, if it's feasible what I would like is an SSH configuration that works regardless of what network I'm connected to. So when I leave home with my laptop I can still SSH into the Linux computer the same as if I were at home.
Another thing probably worth mentioning is that just about all traffic leaving my LAN goes through a public VPN. So traffic goes out on 987.654.321.5 and requests the dynamic DNS on my actual ISP IP, 123.456.789.6.
-
That is why you use a host override, so when you're out in the world your FQDN, say ssh.yourdomain.com, resolves to your public IP, and when you're on your network it resolves to your private one.
Trying to do NAT reflection with a VPN connection is also going to be an issue. So you want to travel all the way down your VPN connection, then back down your ISP connection, just to hit a box that is right next to you?
Just use a host override. Takes all of 1.3 seconds to set up.
-
What is a host override and how do I set that up?
I currently have it working to SSH within my own network, but I'm trying to get a solution where I can SSH back in on my laptop when away.
-
Open up the Resolver or Forwarder, whichever one you're using, scroll to the bottom, and there you go: Host Overrides.
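As an added example that is not part of this thread: this is the split-horizon answer a host override produces once pfSense's DNS Resolver (Unbound) has it, written out as the equivalent Unbound configuration. The hostname ssh.yourdomain.com, the LAN address 192.168.10.50 and the public address 203.0.113.6 are placeholders I am assuming; the GUI entry under Services > DNS Resolver > Host Overrides writes the equivalent lines for you, so nothing here needs to be typed by hand.

```conf
# Added example (not from the thread): what a pfSense DNS Resolver host
# override amounts to in Unbound terms. Names and addresses are assumed
# placeholders.
server:
    # Inside the network: the FQDN answers with the LAN address, so an SSH
    # client on any internal segment connects straight to the box and never
    # touches the WAN address, NAT reflection, or the default deny rule.
    local-data: "ssh.yourdomain.com. IN A 192.168.10.50"
    local-data-ptr: "192.168.10.50 ssh.yourdomain.com"

    # Outside the network the laptop never talks to this resolver: it gets
    # the public address from the FreeDNS zone (assumed here to be
    # 203.0.113.6) and the WAN port forward delivers the connection to the
    # same box. Same hostname, same ~/.ssh/config entry, on both sides.

    # Caveat: pfSense's DNS rebinding protection configures private-address
    # ranges like these, which strip RFC 1918 answers coming from upstream
    # servers. Publishing the LAN address in the public FreeDNS zone instead
    # of using an override would therefore be filtered from inside.
    # local-data is answered locally and is not subject to that filter;
    # the alternative would be to whitelist the domain with private-domain.
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    # private-domain: "yourdomain.com"
```

To confirm the override is in effect, resolve the name against the pfSense LAN address from an internal client (for example with `dig ssh.yourdomain.com @<pfSense LAN IP>`) and expect the private address; from outside (the cellphone off wifi) expect the public one. The override only fixes name resolution: because the two machines sit on different interfaces, the inter-segment firewall rule allowing the SSH port from the client's subnet to the Linux box's address is still required, as the earlier reply notes.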