Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Block SSH(22) From Wan But Allow from LAN

    Scheduled Pinned Locked Moved
    NAT
    3
    5
    286
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mathais
      last edited by mathais

      Hi,
      I don't understand why, but I can access to SSH from WAN.
      I want to secure my WAN interface.
      I tried to block it with a rule, but impossible, SSH is always enabled from WAN.

      What is my problem ?
      Thank you
      Capture d’écran 2024-02-25 à 23.48.58.png Capture d’écran 2024-02-25 à 23.49.27.png

      johnpozJ S 2 Replies Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @mathais
        last edited by johnpoz

        @mathais its not available via actual wan, but yes your lan which by default has a any any rule would allow you from your lan network to connect to pfsense public IP/wan address via ssh.. actually the anti-lock out rule would make sure you can, etc..

        This comes up quite often to be honest, where users think something is open from wan, but they are checking from lan.. Go to say can you see me . org and send traffic to 22..

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.03 | Lab VMs 2.7.2, 24.03

        1 Reply Last reply Reply Quote 0
        • S
          SteveITS Rebel Alliance @mathais
          last edited by

          @mathais also, consider upgrading: https://docs.netgate.com/pfsense/en/latest/releases/2-7-2.html#security-errata

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

          M 1 Reply Last reply Reply Quote 0
          • M
            mathais @SteveITS
            last edited by

            @SteveITS hi, I'm using the last version 23.09.1-RELEASE (amd64) of pfSense Plus.

            S 1 Reply Last reply Reply Quote 0
            • S
              SteveITS Rebel Alliance @mathais
              last edited by

              @mathais hmm whatever I was looking at mentioned 2.7.1. I guess I posted on the wrong thread?

              Well, if you’re testing from somewhere on the Internet, and not LAN, show us your WAN rules.

              Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
              When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
              Upvote 👍 helpful posts!

              1 Reply Last reply Reply Quote 0
              • First post
                Last post