Netgate Discussion Forum

    Can pfsense do SSH port forwarding/tunneling?

    • corpengineer

      Hello there.  Can pfsense do SSH port forwarding/tunneling?

      For example, can a remote user SSH to the WAN interface, then be able to connect to internal servers via SSH port forwarding/tunneling?

      Thank you.

      • KOM

        Yes.  A single port forward rule will do it.

        • corpengineer

          Is there documentation on this?  When configuring port forwarding, I don't see any options to tunnel the traffic.  Maybe I am looking in the wrong place?

          Here's what I am trying to replicate, and want to replace the SSHd w/ pfsense:

          Currently, I SSH to a server running SSHd (on a NAT'ed public IP) using Putty.  Within Putty, there are options to SSH port forward, which re-maps local ports to private address space via SSH tunnels (like 127.0.0.1:8080 tunnels to 192.168.1.100:80).  So once SSH'ed to the public IP, I can connect to internal servers via SSH port forwarding/tunneling 127.0.0.1:8080 (for example).

          Thank you.

          • Stewart

            I'm not sure if you really need all that.  Let the router do the port adjustments.  Have the router forward all requests from, say, port 4987 to port 22 on one of your internal IPs.  Then you can connect to your PUBLIC.IP:4987 via Putty and pfSense will forward the request on.

            • corpengineer

              We need SSH tunneling internally.  But thank you though.

              • KOM

                I misunderstood what you were looking for, sorry.

                • corpengineer

                  It's not a problem, I appreciate you guys trying to help.

                  So does this functionality not exist in pfsense?

                  What about the 'SSH Conditional' package, can this be used to accomplish ssh tunneling?

                  • KOM

                    No idea.

                    • kejianshi

                      If it's Linux, Unix, or BSD, it can proxy however a connection can be proxied, assuming you know how.

                      I used to use proxy on mine all the time, but really with a good VPN, I don't have much use for the proxy features now.

                      It still works fine - I just don't need it.

                      So, answer to your question, assuming you know how to set up your proxy on the client end, pfsense will proxy.

                      • corpengineer

                        Thank you.

                        For this purpose solely, I was hoping for a quick/easy solution, w/o having to delve into conf files.

                        It seems to me that the 'SSH Conditional' package does what I am looking for.  I'd just like to see a working example if possible.  I've looked around, w/o any luck.

                        Thank you.

                        • corpengineer

                          Using the package 'SSH Conditions', it does seem to work thus far (though haven't tried many variations) w/o digging into conf files.

                          Of note, some options w/in SSH Conditions do not seem to work, but at least it logs errors so you know.

                          Thank you to all who tried to assist.
