NAT done to VIP But SSH connection not working

Su30MKI · Jul 30, 2018, 8:01 AM

Hello All,

I have created VIP in IP alias for usable IPs and have done 1:1 NAT for the DMZ servers. But global SSH connection is not happening. Should I create any rule for complete access to the DMZ server globally.

jimp · Jul 30, 2018, 2:32 PM

[Insert obligatory warning about not opening SSH up to the world unless it's only allowing key-based auth]

1:1 NAT does not add any firewall rules. If you setup 1:1 NAT and want to allow traffic inbound, you must also add firewall rules to the WAN interface which will pass to the local device on the ports you want. Keep in mind that the destination on the firewall rule is after NAT has applied, so it will be your local internal IP address.

Su30MKI · Jul 31, 2018, 11:11 AM

Can you please help me with the any to any DMZ rule?

Su30MKI · Jul 31, 2018, 4:16 PM

Can I set any to any port to the single host?

Derelict · Aug 5, 2018, 5:11 PM

You are probably going to have to post exactly what you want to do.

https://www.netgate.com/docs/pfsense/nat/forwarding-ports-with-pfsense.html

https://www.netgate.com/docs/pfsense/nat/port-forward-troubleshooting.html