Firewall rules not working (SSH/HTTP)



  • Hey guys,

    I've set up a pfSense server on a station with 4 NICs (wan, lan, opt1, opt2). My WAN is supplied by my university, and my WAN IP of the box is 10.147.2.10 (supplied by uni's DHCP). I'm trying to access the pfSense box from the WAN (from a machine "WS1" which has an IP of 10.147.4.110). I have created the following firewall rules:

    Action -> Pass
    Interface -> WAN
    TCP/IP -> IPv4
    Protocol -> TCP
    Source -> WAN Address
    Dest -> WAN Address
    Port Range -> 9090 (what I set the webUI server to use)

    I hit save and then apply. However, when I try to access the webUI from WS1 I get a "cannot load page, connection timed out".

    I also tried setting up remote SSH to the box with the same setup as before aside from the change of ports (9191 for example) but I can't SSH into the box either.

    I have a cluster of blades sitting on the LAN port, and I configured NAT forwarding for a few SSH servers on the blades. I can access those blades from WS1. But I can't SSH into pfSense…

    Can anyone help me out here? My LAN NAT rules are working perfectly. SSH/HTTP/SQL on the blade cluster are able to be accessed using the pfSense box's WAN IP from WS1, however I cannot access the pfSense HTTP/SSH servers from WAN at all. I can access pfSense HTTP/SSH from all 3 NICs (LAN/OPT1/OPT2).

    Thank you for your help.


  • LAYER 8 Netgate

    Source should be any unless you want to allow connections only from 10.147.4.110, in which case source should be Single host or alias: 10.147.4.110



  • @Derelict:

    Source should be any unless you want to allow connections only from 10.147.4.110, in which case source should be Single host or alias: 10.147.4.110

    Sorry, yes, the source is the 10.147.4.110, not WAN address, that was a typo. I also set it to any, but still nothing.

    I went to the firewall log, and added the pass rule from there, didn't do anything either. Under firewall log, if I click the info button for the attempted connection, it says cannot resolve under the WAN IP of the pfSense box.

    From LAN, OPT1 and OPT2 I can access the webUI using the WAN IP of the box "10.147.2.177", but from outside the LANs I still can't.


  • LAYER 8 Netgate

    Are you sure this isn't some isolation or filtering done on the "WAN" network?



  • What do you mean by isolation or filtering? Do you mean that the university is blocking access? I don't think that's the case because I am able to access the blade cluster sitting behind the pfSense box using the WAN IP of the pfSense box from WS1.


  • LAYER 8 Netgate

    Filtering on the "WAN" that prevents clients on the same network from communicating.

    Do you have Block private networks disabled on WAN?



  • @Derelict:

    Filtering on the "WAN" that prevents clients on the same network from communicating.

    Do you have Block private networks disabled on WAN?

    DOH! So simple. Thank you so much!!!
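
Added example, not part of the thread and not pfSense's own code: a small Python model of the rule order the last two posts point at, showing why a WAN pass rule for 10.147.4.110 never matches while "Block private networks" is enabled. It assumes the option drops RFC 1918 sources before any user rule is consulted; the function name, the rule dictionaries and the 203.0.113.5 address are constructed for illustration.

```python
import ipaddress

# Ranges the WAN "Block private networks" option is assumed to drop.
# Only the RFC 1918 blocks are modelled here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def evaluate(src, dst_port, user_rules, block_private=True):
    """Return (action, reason) for an inbound TCP connection on WAN.

    user_rules: ordered list of dicts with 'source' ('any' or host/CIDR),
    'port' and 'action'. Assumed model: the block-private check runs
    first, then user rules top to bottom (first match wins), then an
    implicit default deny.
    """
    addr = ipaddress.ip_address(src)
    if block_private:
        for net in RFC1918:
            if addr in net:
                return ("block", f"Block private networks ({net})")
    for index, rule in enumerate(user_rules, 1):
        src_ok = (rule["source"] == "any"
                  or addr in ipaddress.ip_network(rule["source"], strict=False))
        if src_ok and rule["port"] == dst_port:
            return (rule["action"], f"user rule {index}")
    return ("block", "default deny")


# Constructed rule set mirroring the thread: webUI on 9090, SSH on 9191.
WAN_RULES = [
    {"source": "10.147.4.110", "port": 9090, "action": "pass"},
    {"source": "any", "port": 9191, "action": "pass"},
]

if __name__ == "__main__":
    for flag in (True, False):
        print("block_private =", flag,
              evaluate("10.147.4.110", 9090, WAN_RULES, block_private=flag))
```

When the WAN itself sits in private address space, as on this university network, the option has to be off for any WAN pass rule to take effect, so the source restriction in the pass rule becomes the only filter on who can reach the webUI and SSH ports.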

