SSH Port Forwarding from custom ports to port 22 does not work!
-
Hello folks,
I try to config a internet access to some linux servers. My idea is from internet to port 223 forward to internal port 22.
ssh user@<public IP> -p 223 -> this connect to <internal ip> port 22
I know this works because I have this config in this environment with another FW (IPFire) working fine. Now I replace this fw with a pfsense and I'm not able to config this connection.
My actual config:
I have a new installation of a pfsense 4.4.0. I create a NAT / Port Forward Rule as the next screenshot:
I create a asociated firewall rule for this connection (attached in the next screenshot):
I see traffic on this rule:
In the remote Linux box i see this(sorry for the bad quality):
In my laptop i see one of this two out puts:
or
I setup a Wireshark in my Laptop and I see always this error (it's a diferent public IP because I try from a VPN provider with the same results):
It seems that the FW connection (NAT and Firewall rule works) but the ssh connections fails every time with Time out.
Can someone help me with this issue?
-
That sort of setup works fine for me. You have some sort of other problem afoot. Are you sure the ACK is leaving the expected WAN and making it back to the client?
It looks like the reply from the server never gets back to the client, so probably the packet is being misrouted on the way back out. The easiest way that can happen is if your WAN is not properly setup. For example, with a static IP address on WAN, if you do not have a gateway set on Interfaces > WAN, then it might not reply back properly if you have more than one WAN or a problem with your default gateway settings.
-
Thanks for your response. I have double check all the config and the problem was that this network do not have full internet connectivity. Only ICMP and DNS works. The solution turned out to be to disable hardware checksum offloads.
Now all works fine. We can close this case.
