Netgate Discussion Forum

Pfsense rules to allow vnc over ssh tunnel

    noenthu
    last edited by Jan 9, 2021, 6:28 PM

    I'm having issues establishing a vnc connection over an ssh tunnel (testing in a local environment not over actual WAN)

    My Desktop ip 192.168.1.2

    ESXI 6.7 host with pfsense and a ubuntu 20.04 vm.
    PFsense IP - 192.168.1.15 (Wan IP)
    Ubuntu VM IP - 192.168.2.2 (Lan IP from PfSense)

    I have a firewall rule to allow Any Source Address on WAN and any port on Wan to my ubuntu VM 192.168.2.2 Port 22 for SSH.
    I have a NAT port forwarding rule to allow Destination Wan Address Port 22 to redirect to host 192.168.2.2 port 22 for ssh

    I am able to establish SSH connection from my desktop to the Ubuntu vm with this setup.

    What I want to do is use SSH tunneling to connect vncviewer from my desktop to the ubuntu vm.
    I setup a tunnel for port 5900 over ssh but am unable to get vncviewer to connect to the vm.

    When I try to connect I see the following
    LAN tcp 192.168.2.2:43970 -> 192.168.1.15:5900 CLOSED:SYN_SENT 3 / 0 180 B / 0 B

      stephenw10 Netgate Administrator
      last edited by Jan 10, 2021, 3:44 PM

      There shouldn't be anything special required in pfSense to pass that if SSH is working.

      Check the logs in Ubuntu.

      Steve

        noenthu @stephenw10
        last edited by Jan 11, 2021, 1:52 PM

        @stephenw10 this may have been an issue with my incomplete understanding of ssh tunnels.

        Since I am using port forwarding from the pfsense router (lab environment) 22 to ubuntu vm port 22.

        When I establish an ssh connection from my desktop, I am using the wan ip of the pfsense router 192.168.1.15.
        Creating a tunnel, I was trying to map 5900:192.168.1.15:5900. This caused the Ubuntu vm to try to establish a connection to port 5900 on 192.168.1.15 which would fail.

        If I instead create a tunnel as 5900:127.0.0.1:5900, the vm will create a tunnel to its localhost port 5900 and I am able to proceed.

        Please let me know if this is the appropriate way to perform tunneling

        ssh -L 5900:127.0.0.1:5900 192.168.1.15 (assuming it would also work with ssh -L 5900:192.168.2.2:5900 192.168.1.15)

        originally, I was doing
        ssh -L 5900:192.168.1.15:5900 192.168.1.15

          stephenw10 Netgate Administrator
          last edited by Jan 11, 2021, 5:02 PM

          Yes, exactly: if you are trying to connect to a service on the Ubuntu server you would use localhost there, or some IP on the Ubuntu box listening on that port. Not the pfSense IP.

          Steve
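
An added example, not part of the thread and not pfSense or OpenSSH code: a small POSIX shell check of the point settled above, that the `host` in `ssh -L port:host:hostport` is connected to by the SSH server (here the Ubuntu VM), which is why the state table showed 192.168.2.2 as the source of the failed connection. The function names are hypothetical, the inputs are constructed from the addresses in the thread, and only IPv4/hostname specs are handled (no bracketed IPv6).

```shell
#!/bin/sh
# Added example. Lints an `ssh -L` spec against the address you dial.

# parse_forward SPEC: print "lport host hport" for [bind:]lport:host:hport
parse_forward() {
    old_ifs=$IFS
    set -f                      # a bind address of "*" must not glob
    IFS=:
    set -- $1                   # split the spec on colons
    IFS=$old_ifs
    set +f
    [ $# -eq 4 ] && shift       # drop the optional bind address
    [ $# -eq 3 ] || return 1
    echo "$1 $2 $3"
}

# classify_forward SPEC SSH_HOST: where will the SSH *server* connect to?
classify_forward() {
    parsed=$(parse_forward "$1") || { echo "invalid"; return 1; }
    set -- $parsed "$2"         # now: lport host hport ssh_host
    case $2 in
        # Service on the SSH server itself: what worked in the thread.
        127.*|localhost) echo "server-loopback" ;;
        # Only valid if the SSH server owns that address. Behind a port
        # forward it is the firewall, which has no rule for hport.
        "$4")            echo "same-as-dialed" ;;
        # Must be reachable from the SSH server, not from the client.
        *)               echo "other-host" ;;
    esac
}

# state_endpoints LINE: print "src_ip dst_ip dst_port state" from a state-table
# row shaped like the one quoted in the first post.
state_endpoints() {
    set -- $1
    [ "$4" = "->" ] || return 1
    echo "${3%:*} ${5%:*} ${5##*:} $6"
}

# Constructed inputs using the thread's addresses.
SSH_HOST=192.168.1.15
for spec in 5900:192.168.1.15:5900 5900:127.0.0.1:5900 5900:192.168.2.2:5900; do
    printf '%-24s %s\n' "$spec" "$(classify_forward "$spec" "$SSH_HOST")"
done
state_endpoints 'LAN tcp 192.168.2.2:43970 -> 192.168.1.15:5900 CLOSED:SYN_SENT 3 / 0 180 B / 0 B'
```

A `same-as-dialed` result together with a state row whose source is the SSH server and whose state stays at `SYN_SENT` is the signature of the original mistake.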
