Firewall rules not working (SSH/HTTP)
-
Hey guys,
I've set up a pfSense server on a station with 4 NICs (WAN, LAN, OPT1, OPT2). My WAN is supplied by my university, and my WAN IP of the box is 10.147.2.10 (supplied by uni's DHCP). I'm trying to access the pfSense box from the WAN (from a machine "WS1" which has an IP of 10.147.4.110). I have created the following firewall rules:
Action -> Pass
Interface -> WAN
TCP/IP -> IPv4
Protocol -> TCP
Source -> WAN Address
Dest -> WAN Address
Port Range -> 9090 (what I set the webUI server to use)
I hit save and then apply. However, when I try to access the webUI from WS1 I get a cannot load page, connection timed out.
I also tried setting up remote SSH to the box with the same setup as before aside from the change of ports (9191 for example) but I can't SSH into the box either.
I have a cluster of blades sitting on the LAN port, and I configured NAT forwarding for a few SSH servers on the blades. I can access those blades from WS1. But I can't SSH into pfSense…
Can anyone help me out here? My LAN NAT rules are working perfectly. SSH/HTTP/SQL on the blade cluster are able to be accessed using the pfSense box's WAN IP from WS1, however I cannot access the pfSense HTTP/SSH servers from WAN at all. I can access pfSense HTTP/SSH from all 3 NICs (LAN/OPT1/OPT2).
Thank you for your help.
-
Source should be any unless you want to allow connections only from 10.147.4.110, in which case source should be Single host or alias: 10.147.4.110
-
> Source should be any unless you want to allow connections only from 10.147.4.110, in which case source should be Single host or alias: 10.147.4.110
Sorry, yes, the source is the 10.147.4.110, not WAN address, that was a typo. I also set it to any, but still nothing.
I went to the firewall log, and added the pass rule from there, didn't do anything either. Under firewall log, if I click the info button for the attempted connection, it says cannot resolve under the WAN ip of the pfSense box.
From LAN, OPT1 and OPT2 I can access the webUI using the WAN IP of the box "10.147.2.177", but from outside the LANs I still can't.
-
Are you sure this isn't some isolation or filtering done on the "WAN" network?
-
What do you mean by isolation or filtering? Do you mean that the university is blocking access? I don't think that's the case because I am able to access the blade cluster sitting behind the pfSense box using the WAN IP of the pfSense box from WS1.
-
Filtering on the "WAN" that prevents clients on the same network from communicating.
Do you have Block private networks disabled on WAN?
-
> Filtering on the "WAN" that prevents clients on the same network from communicating.
> Do you have Block private networks disabled on WAN?
DOH! So simple. Thank you so much!!!
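
Added example, not written by anyone in the thread: a simplified Python model of why the pass rules never matched while "Block private networks" was enabled on WAN. It assumes the option drops RFC 1918 sources before user rules are consulted; the rule dictionaries, `evaluate_wan` and the 203.0.113.5 test address are constructed for illustration and are not pfSense's own rule format.

```python
import ipaddress

# RFC 1918 ranges; the modeled "Block private networks" option drops these sources.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def evaluate_wan(src, dst, dport, user_rules, block_private=True):
    """Return (action, reason) for an inbound TCP connection on WAN."""
    # Assumption: the interface-level block is checked before any user rule.
    if block_private and is_rfc1918(src):
        return ("block", "Block private networks")
    for rule in user_rules:  # first matching user rule wins
        src_ok = (rule["src"] == "any" or
                  ipaddress.ip_address(src) in ipaddress.ip_network(rule["src"]))
        if src_ok and rule["dst"] == dst and rule["dport"] == dport:
            return (rule["action"], rule["descr"])
    return ("block", "default deny")


WAN_IP = "10.147.2.10"   # pfSense WAN address from the first post
WS1 = "10.147.4.110"     # client on the university network
USER_RULES = [           # constructed stand-ins for the rules described above
    {"action": "pass", "src": "any", "dst": WAN_IP, "dport": 9090,
     "descr": "webUI from WAN"},
    {"action": "pass", "src": "10.147.4.110/32", "dst": WAN_IP, "dport": 9191,
     "descr": "SSH from WS1"},
]

if __name__ == "__main__":
    for port in (9090, 9191):
        print(port,
              evaluate_wan(WS1, WAN_IP, port, USER_RULES, block_private=True),
              evaluate_wan(WS1, WAN_IP, port, USER_RULES, block_private=False))
```

With the option off, the rule whose source is `any` also admits every other address that can reach the WAN interface, while the rule restricted to 10.147.4.110 does not.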