[Solved] Port forward problem - in but not out
So I have in the past made port forward work with pfsense, but am not having any luck tonight. Here is hoping someone has got the answer.
Problem: I would like to forward port 22 traffic through to a machine in my DMZ interface.
-I have an OpenVPN tunnel as another interface (not WAN), however WAN is the default gateway.
-I have attached clips of my NAT rules, WAN firewall rules, and select fw logs. I set up what I believe are the correct NAT/FW rules, but still no luck.
T/S so far:
-Using ssh from an AWS instance to test the connection.
-I see from the logs traffic appears to be passing through but blocked on the return where it is routed to the wrong interface (StrongVPN).
-Verified packet flow with tcpdump on the pfsense DMZ interface and the DMZ host machine. I see packets flowing from the internet through the firewall WAN to the host, but the response TCP:SA are blocked outbound??
-Created a DMZ firewall rule routing port 22 traffic through the WAN gateway even though it is the default gateway, no change.
I would appreciate any assistance, let me know if there are any questions I can answer, thanks.
![NAT rule.jpg](/public/imported_attachments/1/NAT rule.jpg)
![FW Rule.jpg](/public/imported_attachments/1/FW Rule.jpg)
![FW Log.jpg](/public/imported_attachments/1/FW Log.jpg)
Can you post your pfSense routing table (Diagnostics -> Routes)?
Edit: Most likely, it could be that you are experiencing the same problem as described in this thread: https://forum.pfsense.org/index.php?topic=80086.0
Ok thanks for the cross link, I did a little more troubleshooting, but I'm not quite there yet.
I added the route-nopull option but did not see a change. However I did have the "redirect-gateway def1" option, so removing that but keeping the "route-nopull" option on she works like a charm! I took some before and after shots of my routes table to see what was being pushed and its effect. I guess I'll bone up on my understanding of routing.
Thanks for the help. This is my first post; do I log it solved or closed? Not sure on the SOP here…
Sometimes topic owners edit the subject (or a moderator does it), and add [Solved] to the beginning, but I don't think it's a written rule that says you must do so.
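An added example, not part of any post in this thread: a simplified routing-table model of why replies left via the VPN while "redirect-gateway def1" was active. That option installs 0.0.0.0/1 and 128.0.0.0/1 routes through the tunnel, which beat the WAN default route on longest-prefix match. All addresses, gateway values and interface names below are constructed assumptions, and policy routing is ignored.

```python
import ipaddress

# Constructed routing table rows: (destination, gateway, interface).
# Values are assumptions for illustration, not taken from the thread.
ROUTES_WITH_DEF1 = [
    ("0.0.0.0/0", "198.51.100.1", "wan"),      # default gateway on WAN
    ("0.0.0.0/1", "10.8.0.1", "ovpnc1"),       # added by redirect-gateway def1
    ("128.0.0.0/1", "10.8.0.1", "ovpnc1"),     # added by redirect-gateway def1
    ("192.168.50.0/24", "link", "dmz"),
    ("10.8.0.0/24", "link", "ovpnc1"),
]
DEF1_HALVES = ("0.0.0.0/1", "128.0.0.0/1")
# Table after the fix described in the thread: the two /1 routes are gone.
ROUTES_NOPULL = [r for r in ROUTES_WITH_DEF1 if r[0] not in DEF1_HALVES]


def egress(routes, dst):
    """Longest-prefix match: interface a packet to dst leaves on, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, _gw, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def def1_override(routes):
    """Interfaces carrying both /1 halves, i.e. shadowing the default route."""
    halves = {}
    for prefix, _gw, iface in routes:
        if prefix in DEF1_HALVES:
            halves.setdefault(iface, set()).add(prefix)
    return sorted(i for i, seen in halves.items() if len(seen) == 2)


def asymmetric_reply(routes, client_ip, inbound_iface):
    """True when the reply to client_ip exits a different interface than it entered."""
    return egress(routes, client_ip) != inbound_iface


if __name__ == "__main__":
    client = "203.0.113.25"  # constructed SSH client address
    for name, table in (("def1", ROUTES_WITH_DEF1), ("nopull", ROUTES_NOPULL)):
        print(name, egress(table, client), def1_override(table),
              asymmetric_reply(table, client, "wan"))
```

Running the same check against a real table exported from Diagnostics -> Routes shows at a glance whether a VPN client has shadowed the default gateway.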