SSH tunnel no longer working



  • I recently updated the firmware on my SG-1100 and now when I SSH into a computer behind the firewall and try to tunnel my browser through it, nothing is returned. I can see in the logs where the requests are sent to the server, but nothing is sent back to the SSH client.

    Was something changed/updated that I didn't notice that would stop a computer from sending back just the tunnel requests? I can connect through SSH and run commands no problem, but as soon as I open the browser and it starts sending requests, nothing comes back.

    Edit: I was using 2.4.4-RELEASE-p2 when I upgraded to p4, I believe.


  • Netgate Administrator

    Do you see anything blocked in the firewall log?

    Do you see the traffic you are sending over the tunnel hitting the pfSense LAN in a packet capture?

    To be clear you have a port forward setup on the SG-1100 and can SSH to the target of that correct? You are not using pfSense directly for the SSH tunnel?

    Steve



  • The firewall log does have a ton of "Default deny rule IPv4" entries (and a few IPv6), all to IPs and ports that I do not recognize (presumably the website I'm trying to access?).

    I have not tried packet capture yet, admittedly I am pretty new to this.

    And yes the forwarding is fine, I can connect to the computer behind the firewall and control it over ssh, it is only when I attempt the tunnel that the issue arises.


  • Netgate Administrator

    Hmm, well, it depends how you have the tunnel set up then. I usually expect it to run as a proxy, in which case traffic should appear to be sourced from the internal client and be passed by the default rules. If you are somehow forwarding traffic, though, so that some other source IP is passed, that would be blocked.

    If you are seeing blocked traffic on LAN then that's probably the problem. You need to find out why that's being blocked.

    Steve



  • I tried reverting my SG-1100 back to p2 and that did not solve anything. However, while I was connected to the server behind the firewall, I connected to a VM running on the same server through SSH and suddenly the tunnel started working. I cancelled the connection to the VM and the tunnel continued to work as it had in the past. At this point I am not sure what was causing the problem, but I do not feel that it was due to pfSense and was probably the host OS.

    Thank you for the help.


  • Netgate Administrator

    Hmm, only time I've seen odd behaviour a little like that was when the firewall could not open a state because all the IPs and ports matched. So as though it tries to open several SSH connections to the same internal IP using the same source and destination ports. Which would never normally happen with SSH. The client would normally use a random source port for each connection and the remote side NAT device would usually randomise it anyway.
    It would be worth running a packet capture at the remote side to see what actually happens though.

    Steve
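Added example (not code from the thread, Netgate or pfSense): a small triage script for the two things Steve asks about above, the "Default deny rule" entries in the firewall log and the "same source and destination ports on the same IPs" state problem. It parses raw filterlog lines in the pfSense 2.4 CSV layout (field positions taken from Netgate's filterlog documentation, so treat them as an assumption to check against your own log), summarises what the blocked packets were actually going to, and lists every 5-tuple that shows up in more than one logged SYN. Because pf only evaluates rules, and therefore only logs, packets that do not already match a state, a passed TCP 5-tuple that is logged twice means a second connection was opened with the same source port, which is the collision Steve describes. The log lines and interface names (mvneta0.4091 standing in for LAN, mvneta0.4092 for WAN) are constructed for this example.

```python
"""Triage helpers for pfSense filterlog lines (added example, not from the thread).

Field positions follow the pfSense 2.4 filterlog CSV format as documented by
Netgate (an assumption; verify against a real line). SAMPLE_LOG is constructed,
and the interface names are placeholders, not the SG-1100's real ones.
"""
from collections import Counter
from typing import List, NamedTuple, Optional


class Flow(NamedTuple):
    iface: str
    action: str                 # "pass" or "block"
    direction: str              # "in" or "out"
    proto: str                  # protocol text: tcp, udp, icmp, ...
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]
    tcp_flags: Optional[str]    # e.g. "S", "SA", "PA"; None for non-TCP


def parse_filterlog(line: str) -> Flow:
    """Parse one syslog line (or bare CSV record) written by filterlog."""
    record = line.split("filterlog:", 1)[-1].strip()
    f = record.split(",")
    # rule-number, sub-rule, anchor, tracker, real-interface, reason, action, direction, ip-version
    iface, action, direction, ipver = f[4], f[6], f[7], f[8]
    if ipver == "4":
        # tos, ecn, ttl, id, offset, flags, protocol-id, protocol-text, length, src, dst
        proto, src, dst, rest = f[16], f[18], f[19], f[20:]
    elif ipver == "6":
        # class, flow-label, hop-limit, protocol-text, protocol-id, length, src, dst
        proto, src, dst, rest = f[12], f[15], f[16], f[17:]
    else:
        raise ValueError(f"unknown IP version {ipver!r} in: {record}")
    sport = dport = None
    flags = None
    if proto in ("tcp", "udp") and len(rest) >= 2:
        sport, dport = int(rest[0]), int(rest[1])
    if proto == "tcp" and len(rest) >= 4:
        flags = rest[3]         # source-port, destination-port, data-length, tcp-flags, ...
    return Flow(iface, action, direction, proto, src, sport, dst, dport, flags)


def blocked_flows(lines: List[str], iface: Optional[str] = None) -> List[Flow]:
    """All 'block' records, optionally restricted to one real interface."""
    flows = (parse_filterlog(l) for l in lines if l.strip())
    return [fl for fl in flows if fl.action == "block" and iface in (None, fl.iface)]


def blocked_destinations(lines: List[str]) -> Counter:
    """Blocked packets per (destination, port): what the 'unrecognised IPs' really are."""
    return Counter((fl.dst, fl.dport) for fl in blocked_flows(lines))


def repeated_syns(lines: List[str]) -> dict:
    """(action, iface, proto, src, sport, dst, dport) keys seen in more than one
    logged SYN-only packet. For 'pass' entries this means a fresh connection
    reused an existing 5-tuple; for 'block' entries it is usually just the
    client retransmitting a SYN that never got through."""
    counts: Counter = Counter()
    for line in lines:
        if not line.strip():
            continue
        fl = parse_filterlog(line)
        if fl.proto == "tcp" and fl.tcp_flags == "S":
            counts[(fl.action, fl.iface, fl.proto, fl.src, fl.sport, fl.dst, fl.dport)] += 1
    return {key: n for key, n in counts.items() if n > 1}


# Constructed sample: two blocked SYN retransmits and a blocked DNS query on LAN,
# two passed SSH SYNs from the same remote port on WAN, one blocked IPv6 SYN on LAN.
SAMPLE_LOG = """\
Mar  3 09:12:01 sg1100 filterlog: 5,,,1000000103,mvneta0.4091,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,192.168.1.20,203.0.113.45,51234,443,0,S,1234567890,,65535,,mss;sackOK;TS;nop;wscale
Mar  3 09:12:02 sg1100 filterlog: 5,,,1000000103,mvneta0.4091,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,192.168.1.20,203.0.113.45,51234,443,0,S,1234567890,,65535,,mss;sackOK;TS;nop;wscale
Mar  3 09:12:02 sg1100 filterlog: 5,,,1000000103,mvneta0.4091,match,block,in,4,0x0,,64,0,0,DF,17,udp,78,192.168.1.20,198.51.100.9,53000,53,58
Mar  3 09:12:05 sg1100 filterlog: 64,,,1000001234,mvneta0.4092,match,pass,in,4,0x0,,63,0,0,DF,6,tcp,60,198.51.100.77,192.168.1.20,40001,22,0,S,99,,29200,,mss;sackOK
Mar  3 09:12:09 sg1100 filterlog: 64,,,1000001234,mvneta0.4092,match,pass,in,4,0x0,,63,0,0,DF,6,tcp,60,198.51.100.77,192.168.1.20,40001,22,0,S,4242,,29200,,mss;sackOK
Mar  3 09:12:10 sg1100 filterlog: 5,,,1000000103,mvneta0.4091,match,block,in,6,0x00,0x00000,64,tcp,6,40,2001:db8::20,2001:db8:1::9,51240,443,0,S,1,,65535,,mss
"""
SAMPLE_LINES = SAMPLE_LOG.splitlines()

if __name__ == "__main__":
    for (dst, port), n in blocked_destinations(SAMPLE_LINES).most_common():
        print(f"blocked {n:3d} x {dst}:{port}")
    for (action, iface, proto, src, sport, dst, dport), n in repeated_syns(SAMPLE_LINES).items():
        print(f"{n} SYNs {action}ed on {iface}: {src}:{sport} -> {dst}:{dport}")
```

On a real box, feed it the output of `clog /var/log/filter.log` (2.4.x stores the log in circular-log format) and look first at `blocked_destinations`: if the blocked packets are sourced from the internal client and headed for the web sites, the LAN rules are the problem; if they are sourced from some other address, the tunnel is not behaving as a plain proxy. A `pass` entry in `repeated_syns` with the remote SSH client's address and port is the state collision Steve mentions and is the point at which a packet capture on the remote side becomes worthwhile.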

