Portforwarding SSH/HTTP on BETA4 not working (for me, at least)



  • hey all-

    quick one here. Simply trying to portforward ssh and http from my soekris running pfsense to an internal server. i want to map my.wan.ip:2222 -> 10.0.1.10:22 and my.wan.ip:8001 -> 10.0.1.10:80

    here's what i have configured (using only ssh as an example):

    Firewall > NAT > PortForward
    –---------------------------------------
    interface: WAN
    Proto: TCP
    Ext. port range: 2222
    NAT IP: 10.0.1.10
    Int. port range: 22

    i checked the box to create the default rule in Firewall/Rules, and haven't touched it.

    I follwed the same procedure for http as well, and haven't had any luck getting packets to flow inward. i'm hoping i just missed something simple here. thoughts?

    thanks so much,
    darren david



  • Do you see blocks for connectionrequest of this kind in status>system, firewall? In case your WAN IP is in a private range the "block private IPs at WAN" rule could block your traffic (you can disable this at interfaces>wan at the bottom).

    Also are you trying this from outside or are you trying to use natreflection? natreflection is usually turned off by default but you can turn it on at system>advaned (also at the bottom).

    Another thing to check is the rules order of your firewallrules. In case something is blocking this kind of traffic earlier you can't make the connection go through by creating a pass rule below this.

    Also make sure the internal portforward targets have the pfSense as default gateway.



  • @hoba:

    Also make sure the internal portforward targets have the pfSense as default gateway.

    aye, there's the rub. excellent point, and hence the source of my issues. FWIW, do you know offhand how to set a different gateway for different interfaces on a FreeBSD box? My internal server has services running on 10.0.1/24 and 10.0.2/24 on different interfaces, but i've only ever set the "defaultrouter" in rc.conf. if i can get each interfacae to use a different gateway then i should be solid…

    thanks so much.

    darren




Log in to reply