SSH NAT not working 2.2.4
  • I have an SSH NAT that is not working. I have 2 other NATs that work without issue. The box SSH points to has the correct gateway configured (internal IP of pfSense). I previously had a WatchGuard firewall in place that NAT'd SSH to the same IP without issue. I also have been playing with Sophos UTM as well. If I shut down pfSense and bring up Sophos UTM with the same IP and settings, SSH NAT works just fine. I really like pfSense, and this is the only sticking point from me dropping pfSense and moving back to WatchGuard. I have seen other posts of people having the same issues with SSH NAT and don't see any real answers. Any ideas?


  • Rebel Alliance Global Moderator

    And did you go through the troubleshooting doc for port forwarding?

    https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

    I can tell you I am running 2.2.4 and have no issues with forwarding SSH to a box behind… Here, I just tested this, see attached - click click working.. I just ssh'd from one of my VPS boxes to my home Ubuntu box as a user account I created, created a public key pair, bing bang zoom.. (I don't allow password auth to any of my boxes)

  • Johnpoz,

    For shrimps and giggles, I changed my NAT to another internal IP and it worked without issue. The issue seems to be that both pfSense and the CentOS VM (for SSH, which I use key-based auth/dual auth for as well) are on my CentOS KVM host.

    The strange thing is NAT works great if I use my physical WatchGuard or the Sophos UTM VM (on the same box, not powered on while pfSense is on). So for some reason pfSense does not like NATing to the other virt on the same host. So I'll be looking further into that as, like I said, if I power off pfSense and power on the Sophos UTM VM, Sophos NATs SSH without issue.

    The other odd thing is I have a Windows 7 VM on the same host that I NAT RDP to (only from 1 external host) and that works fine. I know the eth configs are configured correctly on the CentOS SSH server VM. I'm wondering if pfSense has an issue with the bonded then bridged NICs on the CentOS KVM host. The strange thing there is everything else works and I send high volumes of traffic through the network to the web via the pfSense VM. The host has plenty of memory and procs; it's an older HP ProLiant server I got from a client after replacing it.

    FYI: The pfSense and Sophos UTM VMs are for testing only. If I like what I see, I will use a dedicated host for either pfSense or Sophos UTM.


  • Rebel Alliance Global Moderator

    You might want to look to KVM being your issue.. Have you seen this?
    https://forum.pfsense.org/index.php?topic=88467.0

    I am running ESXi 6; I don't have any issues getting to any of my other VMs on the same host, be it via port forward or via OpenVPN connection.



  • I'm thinking it may be a KVM issue.