Port Open != port forwarding?



  • I want to SSH to a host within my personal network.  I've enabled a rule in the firewall which allows port 222 (my specifically configured SSH port) to the specific IP.  Yet, I am unable to connect.  netstat -an shows that my pfsense isn't "listening" on that port (which I would think it would be if it were forwarding).  What am I missing?



  • As your topic says:
    Opening a port in the firewall is not forwarding it to some host behind your firewall.

    To do that go to FIREWALL -> NAT -> Port Forwarding
    Set this up - on the bottom of this config page you can create a firewall rule for this PortForward automatically.


  • Rebel Alliance Developer Netgate

    What Nachtfalke says is right - you need a port forward - I just have one additional note:

    netstat on the firewall will never show any entries for things being forwarded/passed by the firewall with NAT/rules. Those are only for connections terminating at the firewall, not being passed through.

    What you want to look at is the state table, which you can see at Diagnostics > States or "pfctl -ss" from the CLI.

