Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Pfsense rules to allow vnc over ssh tunnel

    General pfSense Questions
    2
    4
    318
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      noenthu last edited by

      I'm having issues establishing a vnc connection over an ssh tunnel (testing in a local environment not over actual WAN)

      My Desktop ip 192.168.1.2

      ESXI 6.7 host with pfsense and a ubuntu 20.04 vm.
      PFsense IP - 192.168.1.15 (Wan IP)
      Ubutnu VM IP - 192.168.2.2 (Lan IP from PfSense)

      I have a firewall rule to allow Any Source Address on WAN and any port on Wan to my ubuntu VM 192.168.2.2 Port 22 for SSH.
      I have a NAT port forwarding rule to allow Destination Wan Address Port 22 to redirect to host 192.168.2.2 port 22 for ssh

      I am able to establish SSH connection from my desktop to the Ubuntu vm with this setup.

      What I want to do is use SSH tunneling to connect vncviewer from my desktop to the ubuntu vm.
      I setup a tunnel for port 5900 over ssh but am unable to get vncviewer to connect to the vm.

      When I try to connect I see the following
      LAN tcp 192.168.2.2:43970 -> 192.168.1.15:5900 CLOSED:SYN_SENT 3 / 0 180 B / 0 B

      1 Reply Last reply Reply Quote 0
      • stephenw10
        stephenw10 Netgate Administrator last edited by

        There shouldn't be anything special required in pfSense to pass that if SSH is working.

        Check the logs in Ubuntu.

        Steve

        N 1 Reply Last reply Reply Quote 0
        • N
          noenthu @stephenw10 last edited by

          @stephenw10 this may have been an issue with my incomplete understanding of ssh tunnels.

          Since I am using port forwarding from the pfsense router (lab environment) 22 to ubuntu vm port 22.

          When I establish an ssh connection from my desktop, I am using the wan ip of the pfsense router 192.168.1.15.
          Creating a tunnel, I was trying to map 5900:192.168.1.15:5900. This caused the Ubuntu vm to try to establish a connection to port 5900 on 192.168.1.15 which would fail.

          If I instead create a tunnel as 5900:127.0.0.1:5900, the vm will create a tunnel to its localhost port 5900 and I am able to proceed.

          Please let me know if this is the appropriate way to perform tunneling

          ssh -L 5900:127.0.0.1:5900 192.168.1.15 (assuming it would also work with ssh -L 5900:192.168.2.2:5900 192.168.1.15)

          originally, I was doing
          ssh -L 5900:192.168.1.15:5900 192.168.1.15

          1 Reply Last reply Reply Quote 0
          • stephenw10
            stephenw10 Netgate Administrator last edited by

            Yes exactly if you are trying to connect to a sercice on the Ubuntu server you would use localhost there, or some IP on the Ubuntu box listening on that port. Not the pfSense IP.

            Steve

            1 Reply Last reply Reply Quote 0
            • First post
              Last post