Port forward when PF sense Wan address is a private address
I am trying to configure SSH to a machine on my internal network which is managed by a PF sense router but i'm having difficulty working out the way to configure PF sense.
My config is as follows:
1, I have an ADSL router connected to the internet, this has the public IP address.
2, My PF sense firewall is connected to the ADSL router, the router supplies a private IP address (192.168.1.65) to the firewall, effectively this is the WAN IP address as far as the firewall is concerned
3, The device i am trying to connect to has an IP address of 192.168.2.91 , this is issued by the PFsense DHCP server.
Is it possible to configure the firewall to port forward from a public ip address on the ADSL router through the PF sense firewall to the end device?
Any help is really appreciated
No not without access to the adsl router or having it setup so your pfsense wan IP 192.168.1.65 is in the DMZ of that adsl router.
Yes if you can forward 22 to your pfsense wan on your adsl router, then you can forward 22 to whatever 192.168.2 address you want. But the traffic has to get to pfsense from the public internet before you can do anything.
I have forwarded port 22 from the ADSL router and its kind of works , i have done a packet capture since i posted and this has revealed that i'm getting through to the WAN Ip address on the PF Sense but it doesn't get any further, do you think the WAN and LAN address being on different subnets may be causing the problem?
I forgot to mention that i'm running Captive portal but i have added the device into Pass-through MAC
Did you setup the forward on pfsense.. Why don't you sniff an see does your client your forwarding to get the packet and answer?
Your not trying to do nat reflection to get to this are you?
yes, i enabled it to test at first , but then used a cellular device to test it from outside the network.
can you advise how to set up the ip address forward on PFsense, i have create a Pass-through-MAC in the Captive portal, but im unsure what i need to do elsewhere.
Thanks for your help
Forward 22 or whatever port your wanting to use to the ssh port and you private address.. See attached example of my forward.
That worked , I had entered the info as described in the picture except I entered the source address rather than leaving it blank, as soon as I cleared it, it worked.
Thanks very much for your help