Port Forwarding NAT issue - ver 2.4.4



  • Before I start the answer is 'Yes, I tried going through and troubleshooting using the Port Forward Troubleshooting instructional page'. And I have even tried turning off the firewall on the win pc with putty loaded on it.

    I've been working on this issue for a couple of days on and off now.

    I'm simply trying to setup a port forward for SSH for a Cisco Lab Terminal Server. I would like remote access (reasons are my business).

    I followed not only the instructions online but even a video tutorial. I have today even Factory Reset my pfsense appliance and started from scratch just in case there is some strange corruption.

    I am not doing any advanced configuration on my router. Yes I have a static IP and yes my WAN interface is connected directly to a bridged modem. Yes I can (when i open it up) ping my WAN from a remote network.

    Also the device I am trying to SSH to is working properly and yes it has the pfsense set as the gateway. I can connect to this device via SSH on the LAN with zero issues. The test port to host function on the pfsense router shows this port open and working.

    I have dug through the rules.debug file and no I did not find any errors.

    This really shouldn't be rocket science, it should just work. Unless there is something I'm overlooking I don't know what is happening.

    As always I appreciate the help and I wouldn't be asking if I haven't reached a brick wall. I'm stuck and do not know how to continue.

    Thank you......

    I will post snapshots of configuration and etc.

    0_1539900413499_Port Forwarding NAT.JPG

    0_1539900433588_Firewall Rules WAN.JPG

    0_1539900443342_Firewall Rules LAN.JPG

    0_1539900456896_22 Port Test Success.JPG

    0_1539900467738_Sys Log Firewall.JPG

    0_1539900482223_WAN LAN Packet Capture.JPG

    0_1539900500064_Putty Failure.JPG

    0_1539900507510_Dashboard Snapshot.JPG


  • Netgate

    The SSH server is not responding to the connections from the foreign subnet. Test port connects from its local subnet.

    Either its firewall is blocking it or its default gateway is not set to pfSense.

    (Zero idea why you feel it's necessary to obfuscate the third octet of that RFC1918 network.)



  • @derelict

    Thank you for the quick reply.

    EDIT: I finally resolved it. I have to do some more investigation on my end to see exactly what is passing and how the packets look yet. However it is working now. I plan on posting a better detailed response later. Thanks.

    (Why I felt it necessary to obfuscate the third octet is out of habit)



  • In case anyone was curious about what my issue was it was indeed the SSH terminal server that wasn't responding.

    The boiled down version is I am using a layer 3 Cisco router as an async terminal server. Overkill but this is the hardware I had so I'm using it.

    The gateway was indeed set to the pfSense however apparently because of the configuration I am using with ip alias and vty; routing is enabled. When routing is enabled the Cisco ignores the default-gateway for obvious reasons. The order in which I programmed and tested configuration had me believing the gateway was being used.

    Ultimately it was Derelict @Derelict on here that got me pointing in the right direction. I was too deep in the forest to see the trees. Once he proposed the foreign subnet and gateway suggestion this made me verify again the route information on the Cisco. This is when I discovered the gateway was no longer the default-gateway despite my running config stating such.

    I can't recall the forum post on Cisco forums however it was this information that made me realize that I have to run my terminal server in router mode whether I wanted to or not so I setup a static route to point to the pfSense at the gateway.

    This got things chooching again.

    Thanks for the help!!!