    All external attempts to SSH or SFTP yield "connection refused"

    NAT
      profse last edited by

      This used to work. My modem is set to be passthrough. I've read the troubleshooting guide and the manual.

      I can internally ssh to this box, but when I attempt to connect externally, I get "connection refused". External traffic is not hitting this box as I've checked the ssh logs, so my only guess is that my Netgate device (I just updated to the latest version of pfSense) is blocking.

      Is there an option in some other menu I'm missing?

      [Attached image: nat.jpg]

        viragomann last edited by

        You are setting up a NAT rule here. You must not set the destination to "any" in a NAT rule, that won't work.
        Select "WAN address" or one of your virtual WAN addresses if applicable.

          profse last edited by profse

          Thank you for the response, I appreciate your time. On the pfSense main screen, my WAN address is 172.16.1.39, not my external IP, even though my modem is set to passthrough.

          I made the change you suggested, but nothing changed externally; my connection is still refused.

            viragomann @profse last edited by

            @profse said in All external attempts to SSH or SFTP yield "connection refused":

            On the pfSense main screen, my WAN address is 172.16.1.39, not my external IP, even though my modem is set to passthrough.

            Passthrough?
            You have to forward the traffic explicitly to the pfSense WAN address.

            To investigate whether SSH packets arrive at the pfSense WAN interface, use Diagnostics > Packet Capture.

              Rico LAYER 8 Rebel Alliance last edited by

              You need to disable "Block private networks and loopback addresses" (Interfaces > WAN) if your WAN IP is RFC1918.

              -Rico

                profse last edited by

                First, thanks for the reads and comments. It seems that, upon seeing my WAN address as 172 and not my IP, something was fishy with the modem. Either ATT or a power cycle reset the modem to block traffic and not pass it all to pfSense. I changed that setting, and we are back in action.

                I'm sorry to have wasted your time on this, as I assumed my settings on the modem were unchanged.

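The checks raised across the replies in this thread, collected into a small Python checklist. This is an added example, not part of the thread and not pfSense code: the function and parameter names are hypothetical, the values are read off the pfSense GUI by hand, and the test source address 172.16.1.1 is constructed.

```python
import ipaddress

# RFC 1918 private ranges, plus the RFC 6598 carrier-grade NAT range.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE)


def check_port_forward(wan_ip, nat_destination, block_private, test_source):
    """Return (code, message) findings for an inbound port forward.

    Hypothetical helper: it does not talk to the firewall, it only
    reasons about values copied from the GUI.
    """
    findings = []
    if nat_destination == "any":
        findings.append(("NAT_DEST_ANY",
                         'set the port forward destination to "WAN address"'))
    if is_rfc1918(wan_ip):
        # A private WAN address means the upstream modem is still routing.
        findings.append(("UPSTREAM_NAT",
                         f"WAN is {wan_ip} (RFC 1918): the modem must pass "
                         "through or forward the port to this address"))
    elif ipaddress.ip_address(wan_ip) in CGNAT:
        findings.append(("CGNAT",
                         f"WAN is {wan_ip} (100.64.0.0/10): the ISP is doing "
                         "NAT, inbound forwards need the ISP's cooperation"))
    src = ipaddress.ip_address(test_source)
    # The WAN "Block private networks and loopback addresses" option
    # matches on the packet's source address.
    if block_private and (is_rfc1918(test_source) or src.is_loopback):
        findings.append(("SRC_BLOCKED",
                         f"source {test_source} is dropped on WAN while "
                         "Block private networks is enabled"))
    return findings


if __name__ == "__main__":
    # Constructed input: the WAN address from the thread, a NAT rule with
    # destination "any", and a test client on the modem's private segment.
    for code, msg in check_port_forward("172.16.1.39", "any",
                                        True, "172.16.1.1"):
        print(f"{code}: {msg}")
```

An empty result only means none of these three misconfigurations is present; a packet capture on the WAN interface is still the way to confirm that the SSH packets arrive.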