Netgate Discussion Forum

    Forwarding SSH requests….

      Allanon

      Ok I know port forwarding is a simple yet often misunderstood topic, and I am another that's probably misunderstanding it. Ok so I want to forward all SSH requests to my Untangle box (bridge mode) from pfSense. So I'll spare all the gory details of the past couple of weeks, today I deleted all the previous rules I had tried. I went back thru NAT and had it automatically create the Firewall rules for me. I also have NAT Reflection disabled as well…no dice. I can SSH from within the LAN so I know it's set up correctly, however WAN side is a total bust.

      Any help would be greatly appreciated.
      thanks

      BTW: I just read the sticky by cmb above. That's the exact method I used this last time..still doesn't work.
      pf-ssh-rules.JPG

        GruensFroeschli

        Do you have SSH on the pfSense enabled?

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          Allanon

          Yes I do… a much higher port than 22 though  ;D

            jahonix

            @Allanon:

            Yes I do… a much higher port than 22 though  ;D

            Did you change the rules accordingly, then?

              Allanon

              Well no, I didn't.. I'm not trying to hit SSH on the pfSense.. just the Untangle box that's in bridge mode behind the Pf.

                AhnHEL

                @Allanon:

                Yes I do… a much higher port than 22 though  ;D

                In your pics, you are still using the standard port 22 in your settings

                AhnHEL (Angel)

                  GruensFroeschli

                  Allanon is not trying to SSH into pfSense…
                  but into his Untangle box.
                  SSH on pfSense is NOT on port 22.

                  Do you have the possibility to set the port on your Untangle box?
                  If yes you could try another port.

                  If not: you could try to change the NAT rule on pfSense so that it forwards a different external port (maybe 222 ?) to 22.
                  Maybe that works.

                    Allanon

                    Yes I can..however when I had the port on the Untangle box set to 22223 via sshd_config I was no longer able to hit SSH from the LAN side. So I changed it back to 22. I mean the rules look valid to me.. and NAT created them automatically so I don't really understand why I cannot hit it from the outside (WAN) side.

                      jan.gestre

                      I'm also experiencing a similar problem. I've enabled SSH on pfSense port 5678, the DMZ servers I'm connecting to are using port 5678 too. I was able to log on to pfSense in our LAN but can't SSH to the DMZ servers if port 5678 is used, however if I changed the DMZ server's SSH port from 5678 to 22, I have no problem connecting. Also I can't SSH to pfSense remotely, I don't know what's wrong with the rules because I can access the pfSense GUI remotely. Do I need additional rules to connect to pfSense then to the DMZ servers?

                        jan.gestre

                        Solved my problem by creating a firewall rule to allow SSH to pfSense from a certain IP address. I can now SSH to pfSense then to the servers, but I think it's not the same as what the OP wants.

                          Cry Havok

                          Quickly reading through the thread, the OP's problem was that they had SSH running internally on 22223/tcp but were forwarding incoming SSH packets to the default port (22/tcp). That'll never work ;)
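
Added example (not part of any post in this thread): a check for the mismatch described in the post above, comparing the port a NAT forward targets with the ports sshd_config makes sshd bind. The rule dictionary and its field names are hypothetical stand-ins for a port-forward entry and the config snippets are constructed; the IP address and ports are the ones mentioned in the thread.

```python
import re

def sshd_listen_ports(config_text):
    """Return the TCP ports sshd would bind, per the global part of sshd_config."""
    ports, explicit = set(), set()
    saw_listen = bare_listen = False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()  # keywords are case-insensitive
        if key == "match":       # Port/ListenAddress are not allowed in Match blocks
            break
        if key == "port" and value.isdigit():
            ports.add(int(value))
        elif key == "listenaddress":
            saw_listen = True
            # host:port or [addr]:port carries its own port; a bare address does not
            m = re.match(r"(?:\[[^\]]+\]|[^:\[\]]+):(\d+)$", value)
            if m:
                explicit.add(int(m.group(1)))
            else:
                bare_listen = True
    # Port lines apply when no ListenAddress is set or one has no port; default 22
    if not saw_listen or bare_listen:
        explicit |= ports or {22}
    return explicit

def check_forward(rule, config_text):
    """Return (matches, listening_ports) for a forward rule against sshd_config."""
    listening = sshd_listen_ports(config_text)
    return rule["target_port"] in listening, sorted(listening)

# Constructed inputs: hypothetical rule fields, values taken from the thread.
FORWARD_TO_22 = {"wan_port": 22, "target_ip": "192.168.15.2", "target_port": 22}
FORWARD_TO_22223 = {"wan_port": 22, "target_ip": "192.168.15.2", "target_port": 22223}
SSHD_ON_22223 = "# constructed sample\nPort 22223\nPermitRootLogin no\n"
SSHD_DEFAULT = "# constructed sample\n#Port 22\nPermitRootLogin no\n"

if __name__ == "__main__":
    for name, rule, cfg in [("sshd on 22223, forward to 22", FORWARD_TO_22, SSHD_ON_22223),
                            ("sshd on 22, forward to 22223", FORWARD_TO_22223, SSHD_DEFAULT)]:
        ok, listening = check_forward(rule, cfg)
        print(f"{name}: target {rule['target_port']}, sshd binds {listening} ->",
              "OK" if ok else "MISMATCH")
```

Both combinations that come up in the thread are mismatches; the forward only lines up when the rule's target port is one sshd actually binds on the Untangle box.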

                            Allanon

                            No actually that's not what I'm trying to do..maybe a picture will help  ;)

                            So I'm trying essentially to access my Untangle box, which is performing Spam, Phish, AV filtering, via SSH. I do not even know if SSH or remote administration is enabled on my pfSense box. I went thru NAT, created rules forwarding packets inbound for SSH and forwarding them to port 22223 on the Untangle box (192.168.15.2).

                              Cry Havok

                              That's what I thought.

                                jahonix

                                And if you rearrange the drawing a bit you'll see:

                                       ┌─────────┐               ┌──────────┐         ┌────────┐
                                --WAN--┤ pfSense ├--LAN---(WAN)--┤ untangle ├--(LAN)--┤ switch ├--(local subnet)-...
                                       └─────────┘               └──────────┘         └────────┘

                                You said you can reach the Untangle box's SSH port from local subnet side.
                                Are you sure it is reachable from its WAN side (or whatever it's called) as well? This would explain your problems at least.
                                But to be honest I don't know a thing about an 'Untangle' box so maybe I am totally off track.

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.