Port forwarding problem

krisken

Hi there!

I want to forward any traffic on port 10022 on the WAN site of my pfsense router (IP = 10.2.0.2 on WAN - IP 10.0.0.1 on LAN) to my SMS gateway (10.0.0.10 IP on LAN) on port 22.

I've tried this using NAT, but it doesn't work at all…

http://krisken.dommel.be/pfsense/portforward.jpg

beppo

i guess you have to adjust the rule to src ports ANY and dest ports 10022

Guest

Howdy, I'm still kinda new to this but I believe you need to change your source ports to any, your destination address to your wan and your destination ports to 10022.

This will change your rule to say any traffic regardless of source coming at your wan from 10022 should be forwarded internally  to your system at 10.0.0.10 on port 22.

If that doesn't help hold out for someone with more experience but like I said I believe that should address your problem.

Best of luck. =)

krisken

Thanks for your help!

What do i have to set under:

• protocol TCP (i guess…SSH is tcp)
• src ports ???
• Dest address : 10.0.0.10
• Dest port : 22 (SSH)
• NAT IP : 10.0.0.10
• NAT ports : 22 (SSH)

or...what do i have to change?

kpa

Change the source port(s) to any, in 99.99% of TCP connections the source port is a random port in 1024-65536 range. Also change destination address to WAN address because that's the address the IP packets will be arriving at before address translation.

krisken

So it have to be like this?

jimp

What do your firewall rules on WAN look like?

If your WAN resides on a private numbered network like 10.x, make sure you have disabled the feature to block inbound traffic from private networks under Interfaces > WAN.

krisken

@jimp:

What do your firewall rules on WAN look like?

If your WAN resides on a private numbered network like 10.x, make sure you have disabled the feature to block inbound traffic from private networks under Interfaces > WAN.

The screenshot above is my WAN connection (Scarletfix and Dommelfix are my 2 ISP's).

SMS gateway 10.0.0.10 <–-----> 10.0.0.1 pfsense 10.2.0.2 <-------> 10.2.0.1dommelfix

jimp

The screenshot gives your port forward entry, not the WAN firewall rules.

krisken

I see, sorry

Here is the screenshot
http://krisken.dommel.be/pfsense/rulessh.jpg

jimp

That looks good too. If you go to Diagnostics > States and filter on the IP trying to ssh while you do it, what shows up?

krisken

@jimp:

That looks good too. If you go to Diagnostics > States and filter on the IP trying to ssh while you do it, what shows up?

When i try to connect to the server (noc.it2go.eu port 10022), i get an error "can't connect etc" in putty.
But when i connect to 10.0.0.10 port 22, everything goes well

Problem doesn't seem to be pfsense…