Netgate Discussion Forum

    Firewall NAT Port Forward Help

    Firewalling
    17 Posts 4 Posters 2.1k Views
      cpatte7372

      Hello Community

      I have set up port forwarding as shown in the image.

      The aim is to allow access to my router with ip address 192.168.1.3 from the internet.

      When I telnet://public_address:9002 I'm not able to telnet to my router.

      I'm sure this is a question asked by many newbies.

      Your help will be greatly appreciated.

      Cheers

      Carlton
      asa.PNG

        JoelLinn

        Hi,

        In case you want to open up a port of your router on the WAN interface (aka the Internet) you don't need to NAT it.
        Just add a rule to the WAN interface that allows traffic from any to "WAN address" on that particular port.

        But using telnet in untrusted (even trusted) networks is not the way you want to go, to put it mildly.
        Only SSH would be acceptable but even that usually nobody does.
        If you want to configure your router remotely, try using something like OpenVPN on the remote computer; you can then do stuff like telnet://192.168.1.3:9002 safely through that tunnel because you are then part of your local network.

          johnpoz LAYER 8 Global Moderator

          When you say router you mean pfsense?  I don't even think pfsense supports telnet??  SSH sure, but has to be turned on, it's not on out of the box.

          You would never want to enable telnet to the public internet..  And as mentioned, it's not even used internally any more ;)

          If you want to admin anything internally on your network, or even pfsense - I would suggest you vpn in, and then you can admin whatever you want using whatever protocol you want, ssh, telnet, webgui, rdp, etc. etc..

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

            cpatte7372

            Hi guys,

            Thanks for responding.

            I take your point regarding telnet. Therefore, I will go with SSH.

            So I need to SSH to a router via pfsense.

            I might not be explaining myself well enough, but to be honest I assumed most people on this forum would have worked with Cisco routers, switches etc…

            I can't be the first person asking this question.

            I would like to remotely connect to a router that is behind my pfSense firewall. The router has the private address 192.168.1.3.

            Clearly I can't SSH onto the router from the Internet to the private address. My pfSense firewall has a WAN address, say 74.65.78.12 and the router with the private address 192.168.1.3 sits behind the pfSense with the WAN ip address, 74.65.78.12.

            I have configured the firewall:nat as shown in the image, but it doesn't work.

            Can someone please help me.

            Carlton

            asa.PNG

              JoelLinn

              ahhhh
              so your pfSense is not your router in this case  ;D took some time…...

              In your screenshot there is no Redirect target port entered. You should enter SSH there too.

              But even if you do that there is a possibility that your router doesn't allow connections from any network (only local or known nets).
              If that's the case, you should consult your router documentation.

                cpatte7372

                Joel

                Thanks for responding.

                Maybe I didn't explain myself well as the other responders didn't come close to understanding what I am trying to achieve.

                Anyway, I have added SSH to Redirect target port.

                So, when I ssh to 74.65.78.12 should I be directed to 192.168.1.3?

                If so, it doesn't work

                  cpatte7372

                  Hi,

                  I have to appreciate that members here aren't too familiar with routers, therefore I'll provide another sample. This time I would like to RDP to a remote Windows Workstation, ip address 192.168.1.2, sitting behind my firewall

                  The pfSense firewall has a WAN IP address (not real) 74.75.89.1

                  I have configured the firewall NAT Port Forward Edit as shown in the image.

                  Can someone please tell me why this won't work…

                  asa.PNG

                    Derelict LAYER 8 Netgate

                    > Can someone please tell me why this won't work…

                    What's the corresponding firewall rule look like?

                    Chattanooga, Tennessee, USA
                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      cpatte7372

                      Derelict

                      See image for corresponding firewall

                      image.jpg

                        cpatte7372

                        Oops

                        image.jpg

                          Derelict LAYER 8 Netgate

                          Should work fine.  Does 192.168.1.2 default route back to pfSense?  Does it allow inbound MSRDP from "unfriendly" networks?

                            cpatte7372

                            Hi derelict

                            192.168.1.2 doesn't default to pfsense. However, I can RDP to it from unfriendly networks.

                            I don't understand - it should work

                              Derelict LAYER 8 Netgate

                              Well, the return traffic is going to go wherever the default route tells it to go.  If that's not the router node with the NAT translation it's not going to work.

                                cpatte7372

                                The pfSense LAN address is 192.168.1.1, the public address is 74.x.x.x. Are you saying that the default route on the Workstation should be 192.168.1.1?

                                  Derelict LAYER 8 Netgate

                                  Yes.  If you want this to work it has to be.

                                    cpatte7372

                                    Ok,

                                    Going to get out of bed and try now..

                                    Back in 5mins

                                      cpatte7372

                                      Brilliant

                                      That worked

                                      Thanks Derelict

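The return-path problem that resolved this thread, as an added example that is not part of the original posts: a toy Python model of a port forward with state tracking, showing why the forwarded host's default gateway has to be the firewall that holds the translation. The WAN, LAN and workstation addresses come from the posts; the client address, the second gateway and the client's source port are constructed, and 3389 is the standard RDP port.

```python
from dataclasses import dataclass

# Addresses quoted in the thread (the WAN address was posted as "not real").
WAN_IP, PF_LAN, HOST = "74.75.89.1", "192.168.1.1", "192.168.1.2"
# Constructed sample values: an internet client, a second LAN gateway, the RDP port.
CLIENT, OTHER_GW, RDP = "203.0.113.10", "192.168.1.254", 3389

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatFirewall:
    """Simplified port forwarder: rewrite rules plus the states they create."""
    def __init__(self, wan_ip):
        self.wan_ip = wan_ip
        self.forwards = {}  # WAN port -> (internal ip, internal port)
        self.states = {}    # (internal ip, port, client ip, port) -> WAN port

    def inbound(self, pkt):
        """Rewrite the destination of a packet arriving on WAN, or drop it (None)."""
        if pkt.dst != self.wan_ip or pkt.dport not in self.forwards:
            return None
        ip, port = self.forwards[pkt.dport]
        self.states[(ip, port, pkt.src, pkt.sport)] = pkt.dport
        return Packet(pkt.src, pkt.sport, ip, port)

    def outbound(self, pkt):
        """Reverse the translation for a reply that matches a state entry."""
        wan_port = self.states.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if wan_port is None:
            return None
        return Packet(self.wan_ip, wan_port, pkt.dst, pkt.dport)

def client_accepts_reply(host_default_gw):
    """True if the reply reaches the client from the address it connected to."""
    fw = NatFirewall(WAN_IP)
    fw.forwards[RDP] = (HOST, RDP)
    syn = Packet(CLIENT, 50000, WAN_IP, RDP)
    delivered = fw.inbound(syn)
    reply = Packet(delivered.dst, delivered.dport, delivered.src, delivered.sport)
    if host_default_gw == PF_LAN:
        seen = fw.outbound(reply)  # the firewall holding the state un-NATs the reply
    else:
        # Simplification: another gateway has no state, so the source is never
        # rewritten back to the WAN address the client is waiting to hear from.
        seen = reply
    return seen is not None and (seen.src, seen.sport) == (syn.dst, syn.dport)
```

`client_accepts_reply(PF_LAN)` is true and `client_accepts_reply(OTHER_GW)` is false, which matches the behaviour before and after the workstation's default route was changed to 192.168.1.1.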
                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.