Forwarding SSH requests….

  • OK, I know port forwarding is a simple yet often misunderstood topic, and I am another that's probably misunderstanding it.  OK, so I want to forward all SSH requests to my Untangle box (bridge mode) from pfSense.  So I'll spare all the gory details of the past couple of weeks; today I deleted all the previous rules I had tried.  I went back through NAT and had it automatically create the firewall rules for me.  I also have NAT Reflection disabled as well… no dice.  I can SSH from within the LAN so I know it's set up correctly, however the WAN side is a total bust.

    Any help would be greatly appreciated.

    BTW: I just read the sticky by cmb above.  That's the exact method I used this last time... still doesn't work.

  • do you have SSH on the pfSense enabled?

  • Yes I do… a much higher port than 22 though  ;D

  • @Allanon:

    Yes I do… a much higher port than 22 though  ;D

    Did you change the rules accordingly, then?

  • Well no, I didn't... I'm not trying to hit SSH on the pfSense, just the Untangle box that's in bridge mode behind the pfSense.

  • @Allanon:

    Yes I do… a much higher port than 22 though  ;D

    In your pics, you are still using the standard port 22 in your settings.

  • Allanon is not trying to SSH into pfSense…
    but into his Untangle box.
    SSH on pfSense is NOT on port 22.

    Do you have the possibility to set the port on your Untangle box?
    If yes, you could try another port.

    If not: you could try to change the NAT rule on pfSense so that it forwards a different external port (maybe 222?) to 22.
    Maybe that works.

  • Yes I can... however when I had the port on the Untangle box set to 22223 via sshd_config I was no longer able to hit SSH from the LAN side.  So I changed it back to 22.  I mean the rules look valid to me, and NAT created them automatically, so I don't really understand why I cannot hit it from the outside (WAN) side.

  • I'm also experiencing a similar problem. I've enabled SSH on pfSense on port 5678, and the DMZ servers I'm connecting to are using port 5678 too. I was able to log on to pfSense in our LAN but can't SSH to the DMZ servers if port 5678 is used; however, if I change the DMZ server's SSH port from 5678 to 22, I have no problem connecting. Also I can't SSH to pfSense remotely; I don't know what's wrong with the rules because I can access the pfSense GUI remotely. Do I need additional rules to connect to pfSense and then to the DMZ servers?

  • Solved my problem by creating a firewall rule to allow SSH to pfSense from a certain IP address. I can now SSH to pfSense and then to the servers, but I think it's not the same as what the OP wants.

  • Quickly reading through the thread, the OP's problem was that they had SSH running internally on 22223/tcp but were forwarding incoming SSH packets to the default port (22/tcp).  That'll never work ;)

  • No, actually that's not what I'm trying to do... maybe a picture will help  ;)

    So I'm trying essentially to access my Untangle box, which is performing spam, phish and AV filtering, via SSH.  I do not even know if SSH or remote administration is enabled on my pfSense box.  I went through NAT, created rules forwarding packets inbound for SSH and forwarding them to port 22223 on the Untangle box (

  • That's what I thought.

  • And if you rearrange the drawing a bit you'll see:

           ┌─────────┐               ┌──────────┐         ┌────────┐
    --WAN--┤ pfSense ├--LAN---(WAN)--┤ untangle ├--(LAN)--┤ switch ├--(local subnet)-...
           └─────────┘               └──────────┘         └────────┘

    You said you can reach the Untangle box's SSH port from local subnet side.
    Are you sure it is reachable from its WAN side (or whatever it's called) as well? This would explain your problems at least.
    But to be honest I don't know a thing about an 'Untangle' box so maybe I am totally off track.
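The reachability question in the post above (does the Untangle box's sshd actually answer on the port the NAT rule targets, and does it answer on its WAN-facing side as well as from the local subnet?) can be checked from each vantage point with the probe below. This is an added example, not code from any poster or from the pfSense or Untangle projects; the addresses in the main block are placeholders, and start_fake_sshd is a constructed stand-in used only to exercise the probe offline.

```python
import socket
import threading

def probe_ssh(host, port, timeout=3.0):
    """TCP-connect to host:port and classify the answer:
    'refused'        RST came back: a host was reached but nothing listens (sshd on 22223, rule targets 22)
    'timeout'        no answer at all: filtered/dropped, or the forward never matched
    'open-no-banner' something accepted the connection but did not talk SSH
    'banner'         an SSH server identified itself (RFC 4253 'SSH-2.0-...' line)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", None)
    except (socket.timeout, TimeoutError):
        return ("timeout", None)
    with sock:
        try:
            data = sock.recv(256)
        except (socket.timeout, TimeoutError):
            return ("open-no-banner", None)
    first_line = data.split(b"\n", 1)[0].rstrip(b"\r")
    if first_line.startswith(b"SSH-"):
        return ("banner", first_line.decode("ascii", "replace"))
    return ("open-no-banner", data[:32].hex())

def free_port():  # ephemeral loopback port, bound then released: probing it is a clean 'refused'
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def start_fake_sshd(banner=b"SSH-2.0-OpenSSH_example\r\n"):
    """Constructed stand-in for sshd on 127.0.0.1: accepts one connection,
    sends the banner and closes. Returns the ephemeral port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    # Assumed placeholder addresses, not from the thread: probe both candidate ports from the LAN, then via the pfSense WAN IP.
    for host, port in (("192.168.1.2", 22), ("192.168.1.2", 22223), ("203.0.113.10", 222)):
        print(host, port, probe_ssh(host, port))
```

Run it once from the local subnet and once from outside the WAN: a 'banner' from the LAN but 'refused' or 'timeout' through pfSense tells you whether the forward reaches a host that is not listening on that port or never reaches anything at all.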
