How to enable port forwarding?
-
Hi,
pfsense 1.2-RELEASE
I wanted to verify that I have enabled this correctly. The goal is to allow a user (someuser) access to a server behind the pfsense box. I had hoped a command like this would do it.
ssh -L 22:localhost:2222 someuser@mypfsense.box
but I am getting Permission denied (Publickey) from the pfsense box when an attempt is made to ssh through. I didn't think I would need to add the user to allow them to be forwarded.
I have a NAT rule set up with the screenshot below. I also have a firewall rule to allow traffic from the user's static address to the specific host. I have widened that rule from any to any to try and make this work but I am still permission denied.
Can someone point out where I am going wrong?
TIA.
-
Have you got SSH enabled on the pfSense box itself?
If so, move it to a different port (I use 222) as that'll be what's responding, not the box you're trying to forward to.
-
Thanks for the reply.
I did try moving the listening port to something other than 22 and I also tried
ssh -p portnumber user@pfsence.box
With both of these the session just hangs until it times out. Logging is enabled and, eventually, I did see some errors from the correct inbound address:
Dec 9 17:04:38 WAN xxx.xx.xxx.xxx:4045 xx.xx.xxx.xx:135 TCP
Dec 9 17:04:05 WAN xxx.xx.xxx.xx:22 xx.xx.xxx.xx:64909
The rule that triggered this action is:
@61 block drop in log quick all label "Default block all just to be sure."
If I can get my rule above this one, I might be in with a chance but I can't see it in my list.
I am a bit lost. I am not sure if the issue is the ssh command, the pfsense config or a routing issue.
What I do know is that the sshd on the internal host is not being contacted.
:-\
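-
Added example, not part of any post in this thread and not pfSense code: a simplified Python model of how pf reaches a verdict when a NAT redirect and a trailing `block ... quick all` rule, like the one quoted above, are both in play. The addresses, the port 2222, the pass-rule labels and the helper names are constructed for illustration; the model ignores source address, interface, protocol and state.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                  # "pass" or "block"
    quick: bool                  # pf's `quick` keyword
    dst: Optional[str] = None    # None matches any destination address
    dport: Optional[int] = None  # None matches any destination port
    label: str = ""

    def matches(self, dst, dport):
        return self.dst in (None, dst) and self.dport in (None, dport)

def evaluate(rules, dst, dport):
    """Return (action, label) the way pf orders rules: the last matching
    rule wins, unless a matching rule is `quick`, which ends evaluation.
    A packet that matches nothing is passed."""
    verdict = ("pass", "implicit default")
    for rule in rules:
        if rule.matches(dst, dport):
            verdict = (rule.action, rule.label)
            if rule.quick:
                break
    return verdict

def redirect(rdr, dst, dport):
    """pf translates before it filters, so the filter rules see the
    destination after the rdr mapping has been applied."""
    return rdr.get((dst, dport), (dst, dport))

# Constructed sample values (documentation / private address ranges).
WAN, LAN_HOST = "203.0.113.10", "192.168.1.50"
RDR = {(WAN, 2222): (LAN_HOST, 22)}
DEFAULT_BLOCK = Rule("block", True, label="Default block all just to be sure.")

def verdict_for(pass_rule, dst=WAN, dport=2222):
    """Verdict for a packet arriving on the WAN address with one pass rule
    placed ahead of the default block."""
    return evaluate([pass_rule, DEFAULT_BLOCK], *redirect(RDR, dst, dport))

if __name__ == "__main__":
    # Pass rule written against the WAN side: never matches after rdr.
    print(verdict_for(Rule("pass", True, WAN, 2222, "pass WAN:2222")))
    # Pass rule written against the translated destination: matches first.
    print(verdict_for(Rule("pass", True, LAN_HOST, 22, "pass LAN host:22")))
    # Same pass rule placed after the quick block: never reached.
    late = [DEFAULT_BLOCK, Rule("pass", True, LAN_HOST, 22, "pass LAN host:22")]
    print(evaluate(late, *redirect(RDR, WAN, 2222)))
```

A log entry naming the default block rule therefore means no earlier rule matched the packet as the filter saw it.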