    Port forward when pfSense WAN address is a private address

      nickom last edited by

      Hello,

      I am trying to configure SSH to a machine on my internal network, which is managed by a pfSense router, but I'm having difficulty working out the way to configure pfSense.

      My config is as follows:

      1. I have an ADSL router connected to the internet; this has the public IP address.

      2. My pfSense firewall is connected to the ADSL router; the router supplies a private IP address (192.168.1.65) to the firewall. Effectively this is the WAN IP address as far as the firewall is concerned.

      3. The device I am trying to connect to has an IP address of 192.168.2.91; this is issued by the pfSense DHCP server.

      Is it possible to configure the firewall to port forward from a public IP address on the ADSL router through the pfSense firewall to the end device?

      Any help is really appreciated.

      Best regards
      Nick

        johnpoz LAYER 8 Global Moderator last edited by

        No, not without access to the ADSL router or having it set up so your pfSense WAN IP 192.168.1.65 is in the DMZ of that ADSL router.

        Yes, if you can forward 22 to your pfSense WAN on your ADSL router, then you can forward 22 to whatever 192.168.2 address you want. But the traffic has to get to pfSense from the public internet before you can do anything.

          nickom last edited by

          Thanks JohnPoz,

          I have forwarded port 22 from the ADSL router and it kind of works. I have done a packet capture since I posted and this has revealed that I'm getting through to the WAN IP address on the pfSense but it doesn't get any further. Do you think the WAN and LAN address being on different subnets may be causing the problem?

          I forgot to mention that I'm running Captive Portal, but I have added the device into Pass-through MAC.

          regards
          Nick

            johnpoz LAYER 8 Global Moderator last edited by

            Did you set up the forward on pfSense? Why don't you sniff and see whether the client you're forwarding to gets the packet and answers?

            You're not trying to do NAT reflection to get to this, are you?

              nickom last edited by

              Yes, I enabled it to test at first, but then used a cellular device to test it from outside the network.

              regards
              Nick

                nickom last edited by

                Hi Johnpoz,

                Can you advise how to set up the IP address forward on pfSense? I have created a Pass-through MAC in the Captive Portal, but I'm unsure what I need to do elsewhere.

                Thanks for your help
                Nick

                  johnpoz LAYER 8 Global Moderator last edited by

                  Forward 22 or whatever port you're wanting to use to the SSH port and your private address. See attached example of my forward.


                    nickom last edited by

                    Thanks Johnpoz,

                    That worked. I had entered the info as described in the picture, except I entered the source address rather than leaving it blank; as soon as I cleared it, it worked.

                    Thanks very much for your help
                    Nick
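
Added example (not part of any post in this thread, and not pfSense code): a simplified model of the two port forwards discussed above, showing how a Source value on the pfSense forward can leave traffic stuck at the WAN address. It assumes the ADSL router's forward rewrites only the destination; the public and client addresses and both restricted-source rules are constructed, since the thread does not say which source address was entered.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Forward:
    source: Optional[str]  # CIDR the packet's source must fall in; None = any
    match_dst: str
    match_port: int
    target: str
    target_port: int

    def apply(self, pkt: Packet) -> Optional[Packet]:
        if (pkt.dst, pkt.dport) != (self.match_dst, self.match_port):
            return None
        if self.source is not None and (
            ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.source)
        ):
            return None
        # Destination NAT: only dst/port change, the source stays as it arrived.
        return replace(pkt, dst=self.target, dport=self.target_port)

def final_destination(pkt: Packet, hops: list) -> str:
    """Pass pkt through each hop's forward; return the address it ends up at."""
    for rule in hops:
        forwarded = rule.apply(pkt)
        if forwarded is None:
            return pkt.dst  # no match: the packet goes no further than this hop
        pkt = forwarded
    return pkt.dst

# Constructed: 203.0.113.10 = ADSL public IP, 198.51.100.7 = outside (cellular) client.
ADSL = Forward(None, "203.0.113.10", 22, "192.168.1.65", 22)
PF_ANY = Forward(None, "192.168.1.65", 22, "192.168.2.91", 22)
# Hypothetical source restrictions on the pfSense forward:
PF_WRONG_SRC = Forward("192.168.1.0/24", "192.168.1.65", 22, "192.168.2.91", 22)
PF_ADMIN_ONLY = Forward("198.51.100.0/24", "192.168.1.65", 22, "192.168.2.91", 22)
CLIENT = Packet("198.51.100.7", "203.0.113.10", 22)

if __name__ == "__main__":
    for name, rule in [("any", PF_ANY), ("wrong source", PF_WRONG_SRC),
                       ("admin only", PF_ADMIN_ONLY)]:
        print(f"{name}: ends at {final_destination(CLIENT, [ADSL, rule])}")
```

Under the stated assumption pfSense sees the outside client's real address, so a Source limited to the networks SSH is administered from still matches while other sources stop at the WAN address.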
