How to forward correctly?



  • I do have some router/network experience, but I've never worked with something as extended as pfSense, so sorry for the n00b question :)

    I do have a pfSense box running with two WANs (load-balanced/failover):
    ISP Belgacom - 25Mbit down - 3.5Mbit up, no fixed ip
    ISP Dommel - 30Mbit down - 4.5Mbit up, fixed ip

    Now I want to forward the SSH traffic from WAN (the one with the fixed IP ;)) on port 10022 to port 22 of my local machine (IP 10.0.0.10).

    How do I have to forward that correctly?
    What values do I have to insert in the forms on Firewall/Rules?

    Kris



  • Just set up a standard port forward, choose the correct WAN interface you want the forward to be active on and make sure you select the correct external and internal ports. There is a checkbox to have pfSense auto-add a firewall rule for you. Since you're unfamiliar with pfSense, you should use that initially and visit the rule to make sure it does exactly what you want. By default, the rule will allow the entire world to use that forward, which you may not actually want. At the very least, consider rate limiting the rule (in the firewall rules, under one of the Advanced buttons) to slow down brute-force attempts.
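
The port forward and rate-limited rule described in the answer above, written as a plain pf ruleset fragment (pfSense is built on pf). This is an added example, not part of the original thread and not pfSense's own generated ruleset; the interface name `em1`, the table names and the `203.0.113.0/24` source range are assumptions chosen for illustration.

```pf
# Constructed example: interface name, tables and the admin source range are assumptions.
wan_dommel = "em1"            # assumed name of the fixed-IP (Dommel) WAN interface
ssh_host   = "10.0.0.10"      # internal SSH machine from the question

table <ssh_allowed> const { 203.0.113.0/24 }   # assumed admin source range (documentation prefix)
table <ssh_abuse> persist                      # filled by the overload action below

# NAT: external port 10022 on the Dommel WAN address -> port 22 on the internal host
rdr on $wan_dommel inet proto tcp from any to ($wan_dommel) port 10022 -> $ssh_host port 22

# Filter rules see the translated destination (10.0.0.10:22), not port 10022.
block in quick on $wan_dommel from <ssh_abuse>

# Weak form: the whole Internet can reach the forward, with no rate limit.
# pass in quick on $wan_dommel inet proto tcp from any to $ssh_host port 22 flags S/SA keep state

# Restricted form: known sources only, at most 5 new connections per 60 s per source;
# offenders are added to <ssh_abuse> and their existing states are flushed.
pass in quick on $wan_dommel inet proto tcp from <ssh_allowed> to $ssh_host port 22 \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/60, overload <ssh_abuse> flush global)
```

In the pfSense GUI the port forward is entered under the NAT port forward page and the connection limits under the rule's advanced options, as the answer notes.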



  • Hi Submicron!
    Thanks for your quick answer!

    I've made a screenshot for you of my firewall rules.
    Maybe I have to change some things there.

    FO_Belgacom = Failover using Belgacom WAN
    FO_Dommel = Failover using Dommel WAN
    LB_Belgacom_Dommel = Loadbalancing Belgacom and Dommel WAN

    Rule 1 = all SMTP traffic must use the Belgacom uplink (port 25)
    Rule 2 = all newsserver traffic (NNTP) must use the Dommel uplink (port 119)
    Rule 3 = All SSH traffic on port 10022 of my Dommel WAN must go to port 22 of the machine with IP 10.0.0.1

    http://krisken.dommel.be/pfsense/portforwarding/firewall_rules.jpg



  • There was an error in the JPG file I uploaded.
    I corrected it and re-uploaded the screenshot.

