Port forward when pfSense WAN address is a private address



  • Hello,

    I am trying to configure SSH to a machine on my internal network, which is managed by a pfSense router, but I'm having difficulty working out the way to configure pfSense.

    My config is as follows:

    1. I have an ADSL router connected to the internet; this has the public IP address.

    2. My pfSense firewall is connected to the ADSL router. The router supplies a private IP address (192.168.1.65) to the firewall; effectively this is the WAN IP address as far as the firewall is concerned.

    3. The device I am trying to connect to has an IP address of 192.168.2.91; this is issued by the pfSense DHCP server.

    Is it possible to configure the firewall to port forward from a public IP address on the ADSL router through the pfSense firewall to the end device?

    Any help is really appreciated.

    Best regards
    Nick


  • LAYER 8 Global Moderator

    No, not without access to the ADSL router or having it set up so your pfSense WAN IP 192.168.1.65 is in the DMZ of that ADSL router.

    Yes, if you can forward 22 to your pfSense WAN on your ADSL router, then you can forward 22 to whatever 192.168.2 address you want. But the traffic has to get to pfSense from the public internet before you can do anything.



  • Thanks JohnPoz,

    I have forwarded port 22 from the ADSL router and it kind of works. I have done a packet capture since I posted, and this has revealed that I'm getting through to the WAN IP address on the pfSense but it doesn't get any further. Do you think the WAN and LAN addresses being on different subnets may be causing the problem?

    I forgot to mention that I'm running Captive Portal, but I have added the device into Pass-through MAC.

    regards
    Nick


  • LAYER 8 Global Moderator

    Did you set up the forward on pfSense? Why don't you sniff and see whether the client you're forwarding to gets the packet and answers?

    You're not trying to do NAT reflection to get to this, are you?



    Yes, I enabled it to test at first, but then used a cellular device to test it from outside the network.

    regards
    Nick



  • Hi Johnpoz,

    Can you advise how to set up the IP address forward on pfSense? I have created a Pass-through MAC in the Captive Portal, but I'm unsure what I need to do elsewhere.

    Thanks for your help
    Nick


  • LAYER 8 Global Moderator

    Forward 22 or whatever port you're wanting to use to the SSH port and your private address. See attached example of my forward.




  • Thanks Johnpoz,

    That worked. I had entered the info as described in the picture, except I entered the source address rather than leaving it blank; as soon as I cleared it, it worked.

    Thanks very much for your help
    Nick
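
The two-stage forward discussed in this thread, as an added example that is not part of any post and is not pfSense code: a small Python model of how each forward matches on source, destination and port, showing why a source filter that does not contain the real client address stops the connection at the pfSense WAN. Assumptions: the ADSL router rewrites only the destination (the client's source address is preserved), and the public, client and ADSL-router addresses below are constructed documentation values.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class PortForward:
    """One destination-NAT rule: match source/destination/port, rewrite the target."""
    source: str        # CIDR the packet source must fall in; "any" = unrestricted
    dst: str           # address the rule listens on
    dport: int
    target: str        # redirect target IP
    target_port: int

    def apply(self, pkt):
        """Return the rewritten packet, or None when the rule does not match."""
        if pkt.dst != self.dst or pkt.dport != self.dport:
            return None
        if self.source != "any":
            net = ipaddress.ip_network(self.source)
            if ipaddress.ip_address(pkt.src) not in net:
                return None
        return replace(pkt, dst=self.target, dport=self.target_port)

PUBLIC_IP = "198.51.100.7"   # constructed: public address on the ADSL router
CLIENT_IP = "203.0.113.10"   # constructed: client testing from a cellular network
ADSL_LAN = "192.168.1.1"     # assumed: ADSL router's inside address

# Hop 1: ADSL router forwards port 22 to the pfSense WAN address (from the thread).
# Assumption: destination-only rewrite, so the client's source address survives.
adsl_rule = PortForward("any", PUBLIC_IP, 22, "192.168.1.65", 22)

def pfsense_rule(source):
    """Hop 2: pfSense WAN address -> internal SSH host (addresses from the thread)."""
    return PortForward(source, "192.168.1.65", 22, "192.168.2.91", 22)

def deliver(rule, client=CLIENT_IP):
    """Walk a client's SSH packet through both forwards; None = dropped at pfSense."""
    at_wan = adsl_rule.apply(Packet(client, PUBLIC_IP, 22))
    return rule.apply(at_wan)
```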

