Netgate Discussion Forum

    If this is not the right place to post my question, please direct me to the correct one.

    Firewalling
      socrateberserk

      Hello,

      I recently acquired a Netgate 6100. Previously, I was using a WatchGuard device.

      I consider myself mostly self-taught in networking, and so far, I’ve always managed to configure my networks adequately.

      I am unable to properly configure pfSense to allow the use of the SSH protocol.
      I am a developer, and to update my GIT sources, I have to disconnect my laptop from my Netgate device and use my phone's mobile hotspot. This is the only way I can use the SSH protocol. I can confirm that SSH works fine with my laptop on other networks.

      Thank you so much for your help!

        patient0 @socrateberserk

        @socrateberserk have you set up firewall rules to block some outgoing traffic?

        With the default rules all outgoing traffic is allowed, including SSH.

        What error do you get when trying to connect to github? Does nc -v github.com 22 work?

          socrateberserk @patient0

          @patient0
          I tried this while connected to the Netgate DHCP server.

          PS C:\WINDOWS\system32> ncat -v github.com 22
          Ncat: Version 7.95 ( https://nmap.org/ncat )
          Ncat: TIMEOUT.
          PS D:\drivers>

          And here it is when I am connected via my phone's mobile hotspot.

          PS C:\WINDOWS\system32> ncat -v github.com 22
          Ncat: Version 7.95 ( https://nmap.org/ncat )
          Ncat: Connected to 140.82.113.3:22.
          SSH-2.0-babeld-0c1de7cd8

            SteveITS Galactic Empire @socrateberserk

            @socrateberserk Post your rules for LAN. Do you have any packages in use?

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!

              Gertjan @socrateberserk

              @socrateberserk said in If this is not the right place to post my question, please direct me to the correct one.:

              I am unable to properly configure pfSense to allow the use of the SSH protocol

              What pfSense does is routing and firewalling of IP packets.
              These packets might contain - in the so-called payload - fragments of the mail you send or receive, a web server that is sending you a web page you requested, or a DNS answer from a DNS server you've requested zone info from.
              The SSH protocol is the description of that payload. And because it's SSH, the payload is, for pfSense, a completely random set of bits, and pfSense can't do anything with it, as it is encrypted.
              All this boils down to: pfSense doesn't care about the payload. It doesn't use or 'touch' the payload.

              Out of the box, when you installed it, pfSense behaves like any other firewall router out there: it has a WAN, a LAN, and everything from LAN passes to the WAN.

              pfSense itself also contains an SSH 'server' so you can connect to it. By default, it's disabled.

              I can connect to my web server, a server rented in a data center somewhere in Paris, from a PC connected on pfSense LAN, just fine.
              And the other way around also works: the same server can connect to my Syno NAS on my pfSense LAN also: I opened up the IPv4 port 22 on my WAN with a NAT rule (I've set the source address to the IPv6 of my server), so this is secured.
              For IPv6 things are simpler: just a pass firewall rule, IPv6 destination is the IPv6 of my NAS, destination port is '22' and source address is also set == the IPv6 of my server, so also secured.

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.