Netgate Discussion Forum

    SSH Port Forwarding from custom ports to port 22 does not work!

    • S
      srtato
      last edited by srtato

      Hello folks,

      I am trying to configure Internet access to some Linux servers. My idea is to forward port 223 from the Internet to internal port 22.

      ssh user@<public IP> -p 223 -> this connects to <internal ip> port 22

      I know this works because I have this config in this environment with another FW (IPFire) working fine. Now I have replaced this FW with pfSense and I'm not able to configure this connection.

      My actual config:
      I have a new installation of pfSense 4.4.0. I created a NAT / Port Forward rule as in the next screenshot: 0_1546445601698_Captura de pantalla 2019-01-02 a las 17.12.26.png

      I created an associated firewall rule for this connection (attached in the next screenshot):
      0_1546445794535_Captura de pantalla 2019-01-02 a las 17.16.23.png

      I see traffic on this rule:
      0_1546447366788_Captura de pantalla 2019-01-02 a las 17.40.30.png

      On the remote Linux box I see this (sorry for the bad quality): 0_1546447397805_Captura de pantalla 2019-01-02 a las 17.39.58.png

      On my laptop I see one of these two outputs:
      0_1546447682562_Captura de pantalla 2019-01-02 a las 17.46.17.png
      or
      0_1546447690952_Captura de pantalla 2019-01-02 a las 17.47.34.png

      I set up Wireshark on my laptop and I always see this error (it's a different public IP because I tried from a VPN provider with the same results):
      0_1546447782786_Captura de pantalla 2019-01-02 a las 17.49.28.png

      It seems that the FW connection (NAT and firewall rule) works, but the SSH connection fails every time with a timeout.

      Can someone help me with this issue?

      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        That sort of setup works fine for me. You have some sort of other problem afoot. Are you sure the ACK is leaving the expected WAN and making it back to the client?

        It looks like the reply from the server never gets back to the client, so probably the packet is being misrouted on the way back out. The easiest way that can happen is if your WAN is not properly set up. For example, with a static IP address on WAN, if you do not have a gateway set on Interfaces > WAN, then it might not reply back properly if you have more than one WAN or a problem with your default gateway settings.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • S
          srtato
          last edited by

          Thanks for your response. I have double-checked all the config and the problem was that this network does not have full Internet connectivity. Only ICMP and DNS work. The solution turned out to be to disable hardware checksum offloads.

          Now all works fine. We can close this case.
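
Added example, not part of the original posts: a Python check that recomputes the TCP checksum of a raw IPv4 packet, usable on packets exported from a capture when checksum offload is suspected after a port forward. It assumes the failure shows up as invalid TCP checksums, which the thread does not confirm; the addresses, ports and helper names are constructed for illustration.

```python
import socket
import struct

def csum16(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071) over data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def _pseudo(ip_packet: bytes, seg_len: int) -> bytes:
    # Pseudo-header: source IP, destination IP, zero, protocol 6, TCP length
    return ip_packet[12:20] + struct.pack("!BBH", 0, socket.IPPROTO_TCP, seg_len)

def tcp_checksum_ok(ip_packet: bytes) -> bool:
    """True if the TCP checksum of a raw IPv4 packet verifies."""
    if ip_packet[0] >> 4 != 4 or ip_packet[9] != socket.IPPROTO_TCP:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ip_packet[0] & 0x0F) * 4
    seg = ip_packet[ihl:struct.unpack("!H", ip_packet[2:4])[0]]
    return csum16(_pseudo(ip_packet, len(seg)) + seg) == 0xFFFF

def set_tcp_checksum(ip_packet: bytes) -> bytes:
    """Return the packet with a freshly computed TCP checksum (20-byte IP header)."""
    seg = ip_packet[20:36] + b"\x00\x00" + ip_packet[38:]
    value = ~csum16(_pseudo(ip_packet, len(seg)) + seg) & 0xFFFF
    return ip_packet[:36] + struct.pack("!H", value) + ip_packet[38:]

def build_syn(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Constructed sample: minimal IPv4 + TCP SYN (IP header checksum left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, 0x02, 64240, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return set_tcp_checksum(ip + tcp)

def port_forward(ip_packet: bytes, new_dst: str, new_dport: int, fix: bool) -> bytes:
    """Rewrite destination IP and port as a port forward does; optionally fix the checksum."""
    out = (ip_packet[:16] + socket.inet_aton(new_dst) + ip_packet[20:22]
           + struct.pack("!H", new_dport) + ip_packet[24:])
    return set_tcp_checksum(out) if fix else out

if __name__ == "__main__":
    syn = build_syn("203.0.113.10", "198.51.100.1", 50000, 223)  # constructed addresses
    for fix in (True, False):
        fwd = port_forward(syn, "192.168.1.20", 22, fix)
        print("checksum recomputed" if fix else "checksum stale", "->", tcp_checksum_ok(fwd))
```

Run the check on packets captured on the receiving side: a capture taken on the sending host can show bad checksums simply because the NIC fills them in after the capture point.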

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.