Problem in setting port forwarding to a PC inside the LAN from the internet.
-
Greetings everyone. I have set up a pfSense server as a Xen VM with 2 bridges, 1 to the internet and 1 to LAN as below:
I would like to let myself connect to the Xen server (192.168.100.158) from the internet by setting port forwarding on the pfSense and opening port 22 in its firewall rule, but it seems not to be working.
Now I can see port 22 is open to the internet by testing with a port scanner. But if I connect to it with an SSH client, it keeps timing out and cannot connect.
Please kindly advise if I have missed any important steps, thank you very much for your help.
-
https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
-
Thank you very much for the link, I have followed the instructions and tried to fix the issue, but without any luck.
I would like to know which kind of keywords I need to check in order to confirm if there is any traffic related to port 22 really going through the firewall? I am guessing the port is in fact not opening after the configuration is set. Is there any command to force the pfSense system to refresh and update its port forward and firewall rules? Thank you,
-
Stop blaming pfSense and you'll be well on your way to solving your problem. Post what you've done.
-
Yes, the steps I have done are as below:
1. I have set up pfSense as an HVM in my Xen server with the easy install option, and then set up the basic settings such as the DNS, WAN and LAN interface with the Setup wizard on the Web interface.
The WAN can get the internet IP from the ISP. And I have set the LAN IP as 192.168.100.1. My machines in the network 192.168.100.* can reach the pfSense Gateway and can reach the Internet normally.
2. Then I have added the Aliases of my hosts including the Xen server (192.168.100.158) and the pfSense Gateway (192.168.100.1), in the page "Firewall" -> "Aliases".
3. Afterwards, I set up the NAT port forwarding rule in the page "Firewall" -> "NAT" and saved; the details are as below:
Disable: NOT checked
No RDR: NOT checked
Interface: WAN
Protocol: TCP
Source: Not specified
Destination: WAN address
Destination port range: From "SSH" to "SSH"
Redirect target IP: "Xen" (Alias)
Redirect target port: "SSH"
Description: "SSH to Xen"
No XMLRPC Sync: NOT checked
NAT reflection: "Use system default"
Filter rule association: "Create new associated filter rule"
4. I changed the setup on page "System" -> "Advanced" -> "Firewall and NAT" on the following points:
NAT reflection mode for port forwards: "Enable (Pure NAT)"
Enable NAT Reflection for 1:1 NAT: CHECKED
Enable automatic outbound NAT for Reflection: CHECKED
5. I have added a new Firewall rule on page "Firewall" -> "Rules" for WAN with details:
Action: "Pass"
Disabled: NOT checked
Interface: WAN
TCP/IP Version: IPv4
Protocol: TCP
Source: "Any"
Destination: "Any"
Destination port range: From "SSH" to "SSH"
Log: NOT checked
Description: "SSH port Anti-block"
6. I have reset states with "Diagnostics" -> "Show States".
-
So you say in 4 you created port forward and let it create the associated rule. Then in 5 you say you created a new rule with
Destination: "Any"
That is not correct. Why would you create a rule with any as dest on your WAN? When you create a forward, by default pfSense will create the required firewall WAN rule to allow that NAT/forward to work.
Post up your wan rules and your port forwards.. And we can see have exactly..
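
One way to answer the earlier question about confirming whether port 22 traffic really passes the firewall, as an added example that is not part of the original thread: capture on the WAN and LAN interfaces (for instance with `tcpdump -n`) and see where the TCP handshake stops. The capture lines, the WAN address 198.51.100.10 and the client address 203.0.113.5 are constructed sample values, and `flags_seen` and `diagnose` are hypothetical helper names.

```python
import re

# Matches tcpdump -n TCP lines such as:
#   "... IP 203.0.113.5.51514 > 192.168.100.158.22: Flags [S], seq ..."
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)

def flags_seen(capture, host, port):
    """Return (syn_to_host, synack_from_host) for host:port in tcpdump text."""
    syn = synack = False
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if (dst, int(dport)) == (host, port) and flags == "S":
            syn = True          # bare SYN: a client opening a connection
        elif (src, int(sport)) == (host, port) and flags == "S.":
            synack = True       # SYN-ACK: the server side answering
    return syn, synack

def diagnose(wan_cap, lan_cap, wan_ip, target_ip, port=22):
    """Locate where the handshake for a WAN -> target port forward stops."""
    wan_syn, wan_synack = flags_seen(wan_cap, wan_ip, port)
    lan_syn, lan_synack = flags_seen(lan_cap, target_ip, port)
    if not wan_syn:
        return "no SYN on WAN: traffic is not reaching the firewall"
    if not lan_syn:
        return "SYN on WAN but not on LAN: port forward or WAN rule is not matching"
    if not lan_synack:
        return "SYN forwarded but target never answers: check the target host"
    if not wan_synack:
        return "target answers on LAN but the reply does not leave the WAN"
    return "handshake passes both interfaces"

# Constructed sample captures (not taken from the thread): the client retries
# its SYN, the SYN is forwarded to 192.168.100.158, and no SYN-ACK comes back.
WAN_CAP = """\
12:00:01.000001 IP 203.0.113.5.51514 > 198.51.100.10.22: Flags [S], seq 100, win 64240, length 0
12:00:02.000001 IP 203.0.113.5.51514 > 198.51.100.10.22: Flags [S], seq 100, win 64240, length 0
"""
LAN_CAP = """\
12:00:01.000050 IP 203.0.113.5.51514 > 192.168.100.158.22: Flags [S], seq 100, win 64240, length 0
12:00:02.000050 IP 203.0.113.5.51514 > 192.168.100.158.22: Flags [S], seq 100, win 64240, length 0
"""

if __name__ == "__main__":
    print(diagnose(WAN_CAP, LAN_CAP, "198.51.100.10", "192.168.100.158"))
```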