Netgate Discussion Forum

All external attempts to SSH or SFTP yield "connection refused"

    profse
    last edited by Aug 4, 2020, 10:20 PM

    This used to work. My modem is set to be passthrough. I've read the troubleshooting guide and the manual.

    I can internally ssh to this box, but when I attempt to connect externally, I get "connection refused". External traffic is not hitting this box as I've checked the ssh logs, so my only guess is that my NetGate device (I just updated to the latest version of PFSense) is blocking.

    Is there an option in some other menu I'm missing?

    [Attached screenshot: nat.jpg]

      viragomann
      last edited by Aug 5, 2020, 12:45 PM

      You are setting up a NAT rule here. You must not set the destination to "any" in a NAT rule, that won't work.
      Select "WAN address" or one of your virtual WAN addresses if applicable.

        profse
        last edited by profse Aug 5, 2020, 1:17 PM

        Thank you for the response, I appreciate your time. On the PFSense Main Screen, my WAN address is 172.16.1.39, not my external IP, even though my modem is set to passthrough.

        I made the change you suggested, but nothing changed externally; my connection is still refused.

          viragomann @profse
          last edited by Aug 5, 2020, 1:22 PM

          @profse said in All external attempts to SSH or SFTP yield "connection refused":

          On the PFSense Main Screen, my WAN address is 172.16.1.39, not my external IP, even though my modem is set to passthrough.

          Passthrough?
          You have to forward the traffic explicitly to the pfSense WAN address.

          To investigate if SSH packets arrive at the pfSense WAN interface, use Diagnostics > Packet Capture.

            Rico LAYER 8 Rebel Alliance
            last edited by Aug 5, 2020, 1:34 PM

            You need to disable Block private networks and loopback addresses (Interfaces > WAN) if your WAN IP is RFC1918.

            -Rico

              profse
              last edited by Aug 5, 2020, 1:53 PM

              First, thanks for the reads and comments. It seems, upon seeing my WAN address as 172 and not my IP, that something was fishy with the modem. Either ATT or a power cycle reset the modem to block traffic and not pass it all to PFSense. I changed that setting, and we are back in action.

              I'm sorry to have wasted your time on this, as I assumed my settings on the modem were unchanged.
