OPNsense Forum

Archive => 23.1 Legacy Series => Topic started by: knack on June 20, 2023, 11:15:01 PM

Title: Weird firewall behaviour on ssh port 22
Post by: knack on June 20, 2023, 11:15:01 PM
Hi

OPNsense 23.1.9-amd64

I enabled SSH and opened the port, and this is the firewall log when connecting from outside my network:

lan  2023-06-20T23:12:15  37.187.:41144  192.168.2.100:443   tcp  let out anything from firewall host itself
wan  2023-06-20T23:12:15  37.187.:41144  192.168.2.100:443   tcp  Webproxy HTTPS
wan  2023-06-20T23:12:15  37.187.:41144  192.168.100.10:443  tcp  rdr rule
wan  2023-06-20T23:12:15  37.187.:41144  192.168.2.100:80    tcp  Default deny / state violation rule
wan  2023-06-20T23:12:15  37.187.:41144  192.168.100.10:80   tcp  rdr rule


I have some rules for 80 and 443.

Without those rules this is the log:

wan  2023-06-20T23:14:07  37.187.:62449  192.168.100.10:443  tcp  Default deny / state violation rule
wan  2023-06-20T23:14:07  37.187.:62449  192.168.100.10:80   tcp  Default deny / state violation rule

If I use another port for SSH it works OK.

Any idea?
Title: Re: Weird firewall behaviour on ssh port 22
Post by: CJ on June 21, 2023, 05:01:26 PM
What exactly are you trying to do and what isn't working?  Your post is very unclear.
Title: Re: Weird firewall behaviour on ssh port 22
Post by: knack on June 21, 2023, 07:44:10 PM
Connect to SSH port 22 from the WAN interface.

And the problem is I can't connect, and that is the weird firewall log showing my connection (attempt) to port 22 from another external IP.

If I change sshd to port 2222 it works fine.
Title: Re: Weird firewall behaviour on ssh port 22
Post by: cookiemonster on June 21, 2023, 10:39:02 PM
I hope you know the implications of doing this (brute force attacks) but can you show your rules please?
Title: Re: Weird firewall behaviour on ssh port 22
Post by: knack on June 22, 2023, 07:42:17 AM
Will post in a few hours, but the rules are the same whether I open port 1022 or 22: with port 1022 and SSH configured for that port it works; with port 22 the firewall blocks it with that weird log.

That doesn't seem like a config problem, it seems like a bug.

Title: Re: Weird firewall behaviour on ssh port 22
Post by: cookiemonster on June 22, 2023, 10:10:21 AM
maybe but seems to not work just for you  ;)
Title: Re: Weird firewall behaviour on ssh port 22
Post by: knack on June 24, 2023, 10:26:08 AM
My actual rules:

IPv4 TCP * * * 22 * * SSH WAN
IPv4 TCP * * 192.168.2.100 443 (HTTPS) * * Webproxy HTTPS
IPv4 TCP/UDP * * 192.168.2.72 51413 * * Torrent
IPv4 UDP * * 192.168.2.80 51820 * * Wireguard
IPv4 TCP * * 192.168.2.123 25 (SMTP) * * SMTP
IPv4 TCP * * 192.168.2.73 995 (POP3/S) * * POP3S
IPv4 TCP * * 192.168.2.100 80 (HTTP) * * Webproxy HTTP
IPv4 TCP * * * 587 (SUBMISSION) * * 587 port smtps
IPv4 TCP/UDP * * 192.168.2.53 53 (DNS) * *
Title: Re: Weird firewall behaviour on ssh port 22
Post by: cookiemonster on June 24, 2023, 10:53:56 PM
If those columns are
Protocol Source Port Destination Port Gateway Schedule Description
then you have set destination "*". Can you change it to "WAN address" and retest?
You need to set it on the WAN interface.
That says: traffic to the current WAN IP coming in to port 22, let it through.
Title: Re: Weird firewall behaviour on ssh port 22
Post by: knack on June 25, 2023, 10:07:32 PM
I tried and it still doesn't work: filtered, and the same behaviour in the firewall log as posted.

Anyway it doesn't seem related to the rule; the same rule using port 2222 and running sshd on port 2222 works.

I'm beginning to think my fiber company has started blocking port 22, but if it was that I don't know why OPNsense, each time I try to connect to port 22, displays a connection to port 80 and 443.
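The thread never resolves the cause, but the log lines knack pasted do support one concrete check: correlate the entries by client socket (source IP and source port) and see which destination ports a single connection attempt was actually matched against. The script below is an added example for this thread, not OPNsense code and not something any participant posted. SAMPLE_LOG is constructed from the lines in the first post (the source address is truncated to "37.187." in the post and is kept exactly as shown); the column order (interface, timestamp, source, destination, protocol, rule label) is assumed from how those lines read, and all function names are mine.

```python
"""Correlate OPNsense live-log lines by client socket.

Added example for this thread (not OPNsense code and not posted by anyone in
the thread). SAMPLE_LOG is constructed from the lines knack pasted; the source
address is truncated in the post ("37.187.") and is kept exactly as shown.
The column order (interface, timestamp, source, destination, protocol, rule
label) is assumed from how those lines read.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

SAMPLE_LOG = """\
lan  2023-06-20T23:12:15  37.187.:41144  192.168.2.100:443   tcp  let out anything from firewall host itself
wan  2023-06-20T23:12:15  37.187.:41144  192.168.2.100:443   tcp  Webproxy HTTPS
wan  2023-06-20T23:12:15  37.187.:41144  192.168.100.10:443  tcp  rdr rule
wan  2023-06-20T23:12:15  37.187.:41144  192.168.2.100:80    tcp  Default deny / state violation rule
wan  2023-06-20T23:12:15  37.187.:41144  192.168.100.10:80   tcp  rdr rule
wan  2023-06-20T23:14:07  37.187.:62449  192.168.100.10:443  tcp  Default deny / state violation rule
wan  2023-06-20T23:14:07  37.187.:62449  192.168.100.10:80   tcp  Default deny / state violation rule
"""


@dataclass(frozen=True)
class Entry:
    iface: str
    ts: str
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    label: str


def split_socket(sock: str) -> Tuple[str, int]:
    """Split 'host:port' on the last colon, so a truncated or IPv6 host survives."""
    host, sep, port = sock.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"not a host:port socket: {sock!r}")
    return host, int(port)


def parse_log(text: str) -> List[Entry]:
    """Parse whitespace-separated log lines; the rule label may contain spaces."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.split(None, 5)  # label is the 6th field, keep its spaces
        if len(parts) != 6:
            raise ValueError(f"unexpected column count: {line!r}")
        iface, ts, src, dst, proto, label = parts
        src_host, sport = split_socket(src)
        dst_host, dport = split_socket(dst)
        entries.append(Entry(iface, ts, src_host, sport, dst_host, dport, proto, label))
    return entries


Socket = Tuple[str, int]


def by_client_socket(entries: List[Entry]) -> Dict[Socket, List[Entry]]:
    """Group entries by (source host, source port): one client socket is one TCP attempt."""
    flows: Dict[Socket, List[Entry]] = defaultdict(list)
    for e in entries:
        flows[(e.src, e.sport)].append(e)
    return dict(flows)


def summarize(flows: Dict[Socket, List[Entry]], expected_dport: int) -> Dict[Socket, dict]:
    """Per client socket: which destinations and rules it was matched against.

    expected_dport is the port the client believes it connected to (22 here).
    If that port never appears while other ports do, the packet was rewritten
    (an rdr / port-forward on the firewall, or something upstream) before the
    filter rules saw it; the client did not open several connections.
    """
    report = {}
    for sock, es in flows.items():
        dports = sorted({e.dport for e in es})
        report[sock] = {
            "timestamps": sorted({e.ts for e in es}),
            "dports": dports,
            "expected_port_seen": expected_dport in dports,
            "rdr_hits": sum("rdr" in e.label.lower() for e in es),
            "denied": any("deny" in e.label.lower() for e in es),
            "labels": [f"{e.iface} {e.dst}:{e.dport} <- {e.label}" for e in es],
        }
    return report


if __name__ == "__main__":
    for sock, info in summarize(by_client_socket(parse_log(SAMPLE_LOG)), 22).items():
        print(f"{sock[0]}:{sock[1]} at {', '.join(info['timestamps'])}")
        print(f"  destination ports seen: {info['dports']}, port 22 seen: {info['expected_port_seen']}")
        print(f"  rdr matches: {info['rdr_hits']}, denied: {info['denied']}")
        for line in info["labels"]:
            print("   ", line)
```

Run against the pasted lines, the report for client socket 37.187.:41144 shows destination ports {80, 443} only, two "rdr rule" matches and a deny, with port 22 never appearing at all; the second socket (62449, with the 80/443 rules removed) shows the same two ports, both denied. The script does not decide between the two explanations knack is weighing (a NAT/rdr entry on the firewall that rewrites port 22, or the ISP interfering upstream); it only makes precise what the log says, which is that the packet arriving at the filter is no longer addressed to port 22. The natural next check is the NAT: Port Forward list for any rule whose destination port range covers 22.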