Netgate Discussion Forum

Nat & ssh problem

  • T
    thafener
    last edited by Apr 8, 2010, 2:24 PM

    Hi @ll

    Here we go again, re-installed the whole box from scratch, re-created the NAT rule as the only
    existing one and I have exactly the same problems with the same outputs as before.
    Tried NATting VNC (5900) too but no joy…. would any one of you guys give 2.0 a chance or
    is there any other possible solution for this ?

    Thx thafener

    • T
      thafener
      last edited by Apr 8, 2010, 4:01 PM

      No clue anyone ? Might this problem be hardware-related ? I am running PF on an
      Intel Atom 330 (D945GCLF2) using the onboard NIC (Realtek 8xxxx, might use much
      memory but Ok…) and a 3Com 3C905C as the second NIC. Next to this the system
      has 2 GByte RAM and a 160 GByte HDD.....

      Found nothing problematic about this hardware combination in the compatibility lists
      but maybe any one of you knows more....

      • S
        spazio
        last edited by May 18, 2010, 6:48 PM

        Follow up:

        It seems that the whole problem happens if captive portal is enabled; basically the NAT just doesn't work. It looks like the captive portal doesn't understand or just blocks the NAT.

        If anybody has found a solution or has details for NAT with captive portal enabled, please share.
        Next step, will try with a DMZ.

        • T
          thafener
          last edited by May 18, 2010, 7:17 PM

          Spazio,

          Thanks a lot for your reply… the cp is a hint, I did not consider having a look at this
          side so far.
          Does it mean you disabled the cp and it was working again ? Can you confirm this ?

          However if you make a new install from scratch it works again as it is the same
          with a lot of pfSense issues from my side.
          Some functions stop working without reason or without prior configuration changes
          and it is impossible to find a logical reason.
          However it is good for us that the functions of pfSense allow a fast install and restore
          which can be done in some 20 minutes...

          Thx thafener

          • S
            spazio
            last edited by May 18, 2010, 7:50 PM

            Yep, by disabling captive portal everything comes back to normal and NAT is working again. Tried it with a new install without CP and it works.

            For me the problem came from enabling captive portal.

            This is a deal breaker still. There must be a way to have NAT and CP enabled and working at the same time.

            • E
              Efonnes
              last edited by May 18, 2010, 8:50 PM

              Is the system with the SSH server logged into the captive portal or configured in the pass-through MAC or allowed IPs of the captive portal?  If not, it needs at least one of those.  There is currently no way to selectively let certain traffic through the captive portal block on certain ports.

              • S
                spazio
                last edited by May 19, 2010, 12:19 PM

                The SSH server is allowed in the pass-through MAC. I also tried with a port 80 web server and it's the same. I can see the firewall let the packet through in the log but it stops there.

                • T
                  thafener
                  last edited by May 20, 2010, 6:28 AM

                  Good morning

                  Exactly the same over here. The SSH server has an entry in the pass-through list and well it
                  worked fine for a while until it stopped working suddenly without prior changes in the
                  environment.
                  Like Spazio I can see the packets on Port 22 passing the firewall, but it seems they don't.

                  cheers thafener

                  • T
                    thafener
                    last edited by May 20, 2010, 2:47 PM

                    Hi @ll

                    Done the following today :

                    Deleted all FW Rules from the problematic box and made a backup without package info.

                    Used the backup to set up a box with nearly the same hardware config (Atom 330 and
                    so on) and just with a Linksys NIC instead of a 3Com.

                    Re-created the NAT for SSH and it does not work no matter if the CP is enabled or not…

                    cheers Thafener

                    • S
                      scorpii
                      last edited by Jun 13, 2010, 10:21 PM

                      Hi all,

                      I have the exact same problem with my pfSense. Just thought I'd drop in and say that disabling CP solved the problem with NAT for me as well. Thanks Spazio for that hint.
                      And I agree that there must be a way to have both NAT and CP working at the same time. But in the end, right now I'd rather have NAT than CP…

                      My symptoms are the same. NAT seems to be working and the firewall log says that the traffic is let through. Using tcpdump on the WAN interface I can see the packages. Using tcpdump on the LAN interface, nada. Using Wireshark on the SSH-server host, no packages there either. But, disabling CP all is fine.

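The WAN-versus-LAN capture comparison described in the post above (packets visible with tcpdump on WAN, nothing on LAN) can be scripted as below. This is an added example, not code from the thread or from pfSense; the addresses, ports and capture lines are constructed, and the function names are hypothetical.

```python
import re

# One line of `tcpdump -n` TCP output:
#   <time> IP <src>.<sport> > <dst>.<dport>: Flags [S], seq ...
LINE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def syns(capture_text):
    """Return the set of (src, sport, dst, dport) for initial SYNs (flags 'S')."""
    found = set()
    for line in capture_text.splitlines():
        m = LINE.match(line.strip())
        if m and m["flags"] == "S":  # "S." would be a SYN-ACK
            found.add((m["src"], int(m["sport"]), m["dst"], int(m["dport"])))
    return found

def dropped_after_nat(wan_text, lan_text, wan_addr, wan_port, lan_addr, lan_port):
    """Clients whose SYN reached the forwarded WAN port but never showed up,
    translated to the internal host, in the LAN capture."""
    lan_seen = syns(lan_text)
    missing = []
    for src, sport, dst, dport in sorted(syns(wan_text)):
        if (dst, dport) != (wan_addr, wan_port):
            continue  # not traffic for the port forward under test
        if (src, sport, lan_addr, lan_port) not in lan_seen:
            missing.append((src, sport))
    return missing

# Constructed sample captures (documentation address ranges, not real hosts).
WAN_CAPTURE = """\
14:02:11.100000 IP 203.0.113.7.51000 > 198.51.100.10.22: Flags [S], seq 1000, win 65535, length 0
14:02:14.100000 IP 203.0.113.7.51000 > 198.51.100.10.22: Flags [S], seq 1000, win 65535, length 0
14:02:20.500000 IP 203.0.113.9.40222 > 198.51.100.10.22: Flags [S], seq 7000, win 65535, length 0
"""
LAN_CAPTURE = """\
14:02:20.500100 IP 203.0.113.9.40222 > 192.168.1.20.22: Flags [S], seq 7000, win 65535, length 0
14:02:20.500900 IP 192.168.1.20.22 > 203.0.113.9.40222: Flags [S.], seq 1, ack 7001, win 65535, length 0
"""

if __name__ == "__main__":
    for client in dropped_after_nat(WAN_CAPTURE, LAN_CAPTURE,
                                    "198.51.100.10", 22, "192.168.1.20", 22):
        print("SYN seen on WAN but not forwarded to LAN:", client)
```

A client listed here was accepted on WAN but lost between the two interfaces, which matches the symptom reported with captive portal enabled.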
                      • T
                        thafener
                        last edited by Jun 14, 2010, 5:50 AM

                        Hi @ll

                        I was able to reproduce this too meanwhile. I agree that both features should be working
                        at the same time as the CP is a really brilliant feature.
                        Does anybody know if the developers are working on this ?

                        cheers thafener

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.