Netgate Discussion Forum
    Unable to reach SSH through pfSense NAT

dave_vooservers:

      Hi all,

I have a pfSense box running 2.2.2, with a public interface and a single private LAN interface. The private LAN is on 10.10.22.0/24.

Connected to the switch along with the pfSense box, in the private VLAN, is (among other things) a server running a backup agent, which is only to be used on the internal private network. I need to be able to access the public pfSense interface on a specific port, and have that reach the SSH port on the backup agent box on the private network.

      Overview:

      pfSense Private IP:
      10.10.22.1

      Backup agent box Private IP:
      10.10.22.2

      I have the following NAT rule in place (in the Port Forwarding section):
      Interface - PublicWAN
      Protocol - TCP
      Source Addr/Port - /
      Destination Addr - "PrivateLAN Address"
      Destination Port - (the external port for the NAT rule)
      NAT IP - 10.10.22.2
      NAT Ports - (the internal SSH port for the backup box)

      As far as I can see that would be correct?

      pfSense created a linked Firewall rule for it too on the PublicWAN tab. And that is as follows:
      Protocol - IPv4 TCP
      Source - *
      Port - *
      Destination - 10.10.22.2
      Port - (the internal SSH port on the backup box)
      Gateway - *

      Here's the situation:
      -The pfSense box can ping the backup box on its private address
      -The backup box can ping the pfSense box on its private address
      -I can use port check on pfSense to test the internal SSH port of the backup box, it hits the backup box and returns "OpenSSH" in the text, so SSH is working fine.
      -Firewall is disabled on the backup box
-However I cannot reach it from outside. If I attempt to SSH to the public address of the pfSense box with the external port for the SSH service, it doesn't respond at all; the connection just times out.

      Any ideas?

      Thanks all,
      Dave.

KOM:

        Destination Addr - "PrivateLAN Address"

        This should be PublicWAN address.  You're NATing from a public destination address to the private one behind the curtain.

dave_vooservers:

          Hi Kom,

Thanks for that, I changed that and it still didn't work. Then I realised the backup box had no gateway on its private interface set up. Gave it 10.10.22.1 as a gateway and it now works fine. Thanks.

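The first mistake in the thread (a WAN port forward whose destination was "PrivateLAN Address" rather than the WAN address) is visible in the stored configuration, so it can be caught before anyone tests from outside. The following check is an added example, not code from the thread or from pfSense; it assumes the `<nat><rule>` layout of a pfSense config.xml with `wanip`/`lanip` as the interface-address aliases, and the port numbers 2222/22 and the rule descriptions are constructed sample values. The second mistake (no default gateway on the backup box) lives on the target host, not in this file, so it is out of scope here.

```python
import xml.etree.ElementTree as ET

# Constructed pfSense-style config.xml excerpt (layout assumed from the
# <nat><rule> structure). The first rule reproduces the thread's broken
# forward: bound to WAN but matching the LAN address; the second is the fix.
CONFIG_XML = """<pfsense>
  <nat>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source><any/></source>
      <destination><network>lanip</network><port>2222</port></destination>
      <target>10.10.22.2</target>
      <local-port>22</local-port>
      <descr>backup box ssh (broken: destination is LAN address)</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source><any/></source>
      <destination><network>wanip</network><port>2222</port></destination>
      <target>10.10.22.2</target>
      <local-port>22</local-port>
      <descr>backup box ssh (fixed: destination is WAN address)</descr>
    </rule>
  </nat>
</pfsense>"""


def check_port_forwards(xml_text):
    """Return (descr, problem) pairs for forwards whose destination alias
    does not belong to the interface the forward is bound to. A forward on
    'wan' must match traffic addressed to 'wanip'; 'lanip' there never
    matches the inbound packet, which is the symptom in the thread."""
    findings = []
    root = ET.fromstring(xml_text)
    for rule in root.findall("./nat/rule"):
        iface = (rule.findtext("interface") or "").strip().lower()
        dest = rule.find("destination")
        network = (dest.findtext("network") if dest is not None else "") or ""
        descr = rule.findtext("descr") or "<no description>"
        expected = iface + "ip"  # alias pfSense uses for "<interface> address"
        # Only alias-style destinations (xxxip) are checked; literal
        # addresses in <address> are left alone.
        if network.endswith("ip") and network != expected:
            findings.append((descr, f"destination '{network}' on interface "
                                    f"'{iface}', expected '{expected}'"))
    return findings


if __name__ == "__main__":
    for descr, problem in check_port_forwards(CONFIG_XML):
        print(f"{descr}: {problem}")
```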
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.