General Discussion / Re: SSH NAT not working
« on: March 05, 2023, 10:04:12 pm »
Testing from the directly attached WAN can be tricky. Go to Firewall: Settings: Advanced and check "Disable reply-to on WAN rules". It should work without an additional rule then?
Yes, "Disabling reply-to on WAN rules" worked, THANK YOU. To be honest, I had looked at this option many times, but never set it, because the help reads, "With Multi-WAN ... ensure traffic leaves the same interface it arrives on ..." In my test case, that is happening, traffic will leave the same interface that it came on? Also, I'm not using Multi-WAN.
In your post, you say, "testing from the directly attached WAN is tricky". So I'm taking this as my SSH client being on the same subnet as the WAN IP. So I created another OPNsense FW in front just to route, no NAT'ing on this firewall. So my SSH client is not directly attached anymore:
So now I ssh from 169.10 to 10.13.37.79 (WAN IP of the inside NAT FW). That does not work until I disable the "reply-to on WAN" on the new outside FW (192.168.169.41 interface). No NAT'ing, just routing; traffic will exit the same interface it came in on. So I have to ask, what is this rule or setting doing?
When setting disable reply-to, I was expecting to see that auto floating rule disappear; that didn't happen.
Thank you,
Nick