Netgate Discussion Forum

    NAT done to VIP But SSH connection not working

    5 Posts 3 Posters 599 Views
      Su30MKI

      Hello All,

      I have created VIP in IP alias for usable IPs and have done 1:1 NAT for the DMZ servers. But global SSH connection is not happening. Should I create any rule for complete access to the DMZ server globally?

        jimp Rebel Alliance Developer Netgate

        [Insert obligatory warning about not opening SSH up to the world unless it's only allowing key-based auth]

        1:1 NAT does not add any firewall rules. If you set up 1:1 NAT and want to allow traffic inbound, you must also add firewall rules to the WAN interface which will pass to the local device on the ports you want. Keep in mind that the destination on the firewall rule is after NAT has applied, so it will be your local internal IP address.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

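Added example, not part of the post above and not pfSense code: a small Python model of the order described there (1:1 NAT translates first, WAN rules are evaluated afterwards, unmatched traffic is blocked). The addresses and the names `Packet`, `Rule` and `wan_inbound` are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample addresses (documentation/private ranges), not from the thread.
VIP = "203.0.113.10"       # public IP alias on WAN
DMZ_HOST = "10.0.1.10"     # internal server mapped by 1:1 NAT
BINAT = {VIP: DMZ_HOST}    # 1:1 NAT table: translation only, no pass rules

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass(frozen=True)
class Rule:
    action: str              # "pass" or "block"
    dst: str                 # destination address or CIDR
    dport: Optional[int]     # None means any port
    proto: str = "tcp"

    def matches(self, pkt):
        return (pkt.proto == self.proto
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and self.dport in (None, pkt.dport))

def wan_inbound(pkt, rules):
    """Model of inbound WAN handling: translate first, then filter."""
    # Step 1: 1:1 NAT rewrites the destination before any rule is evaluated.
    translated = Packet(pkt.src, BINAT.get(pkt.dst, pkt.dst), pkt.dport, pkt.proto)
    # Step 2: first matching rule wins; with no match the default is block.
    for rule in rules:
        if rule.matches(translated):
            return rule.action, translated.dst
    return "block", translated.dst

ssh = Packet("198.51.100.7", VIP, 22)      # constructed inbound SSH attempt
mysql = Packet("198.51.100.7", VIP, 3306)  # constructed attempt on another port

NO_RULES = []                                 # 1:1 NAT configured, nothing else
RULE_ON_VIP = [Rule("pass", VIP, 22)]         # destination set to the public VIP
RULE_ON_HOST = [Rule("pass", DMZ_HOST, 22)]   # destination set to the internal IP

for name, rules in [("no rules", NO_RULES), ("dst=VIP", RULE_ON_VIP), ("dst=host", RULE_ON_HOST)]:
    print(name, wan_inbound(ssh, rules), wan_inbound(mysql, rules))
```

Only the rule whose destination is the internal address passes SSH, and because it names port 22 the other port on the same host stays blocked.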
          Su30MKI

          Can you please help me with the any to any DMZ rule?

            Su30MKI

            Can I set any to any port to the single host?

              Derelict LAYER 8 Netgate

              You are probably going to have to post exactly what you want to do.

              https://www.netgate.com/docs/pfsense/nat/forwarding-ports-with-pfsense.html

              https://www.netgate.com/docs/pfsense/nat/port-forward-troubleshooting.html

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.