Port forward to another interface
-
Can you please clarify from where on which interface you're connecting and what the routes (default gateway) on the pfSense are?
It is possible, but might require a different approach (source NATing).
-
Default Gateway is the Opt1 interface and I want to forward port 5555 from Opt1 interface to 192.168.1.254 that is connectet to Opt2 interface.
The Lan interface has 192.168.250.0/24
The Opt2 Interface has 192.168.1.0/24
The Opt1 Interface has static pppoe from ISP (default)
The WAN Interfacer has static pppoe from ISP. (not used temporary). -
Ok like this it should just work out of the box.
Did you follow the port forward troubleshooting guide?
If you enable logging for the rule allowing the traffic: do you see it in the log? Do you see anything in the log?
-
I can see a pass !
Jul 12 16:22:32 4CHANNELSMAIL x.x.x.x:36359 192.168.1.254:22 TCP:S
-
If you look at the traffic with TCP dump (or wireshark on the server) do you see any frames actually going to the server?
-
It is not actualy a server but a router. It is a router that makes PPPoE passthrough to the Opt1 interface and port2 of router is connected to Opt2 because my provider wants ssh access to the router and this is why I want the port forward this way.
-
Ok my guess would be, that this router might try to answer to the incoming connection directly without sending it back over the pfSense.
To avoid this you can enable source NAT on the pfSense:
Go to: Firewall –> NAT --> outbound
- Enable manual outbound rule generation
- Create a rule:
- Interface: OPT2
- Source: any
- Sourceport: any
- Destination: 192.168.1.254
- Destinationport: 22
- Leave the rest on default (translation on interface address, no static port)
Like this all traffic to the ssh server appear as from the pfSense --> local traffic.
-
It didn't work
:(
-
What didn't work?
Do you see traffic going to the ssh server?
Can you even log into the ssh server locally?
–> Did you follow the portforwarding troubleshooting guide? -
I thing I found the problem…. I will be absolutely sure tomorrow that I will speak with my provider.
I open an ssh to the router (192.168.1.254) and I tried to ping 192.168.250.5 (pfsense) and I got network unreachable. Then I saw that the static route 192.168.250.0/24->192.168.1.1 is not working !
I thing this is the problem. The router cannot send the packets back to pfsense.
Tomorrow I will have news.
