Messages - gy

#1
General Discussion / Re: Port Forwarding stuck at SYN_RECV
September 11, 2018, 03:35:44 AM
Never mind. I just solved the issue by trying all possible settings in Port Forward. Filter rule association set to Pass did the trick.

#2
General Discussion / Port Forwarding stuck at SYN_RECV
September 11, 2018, 03:11:50 AM
I'm trying to migrate my router from pfSense to OPNsense. I've set up a testing box on an ESXi VM. I'm trying to use it to test all features that I need.

Now I'm having a problem setting up port forwarding. From OPNsense and my test server's netstat status, I can see a socket has been created but its state is SYN_RECV.

Here is my configuration:
WAN: 192.168.1.0/24
OPNsense WAN address: 192.168.1.174
OPNsense LAN: 192.168.10.0/24
Internal server: 192.169.10.101, SSH
OPNsense WAN interface: both Block private networks and Block bogon networks are disabled
OPNsense Firewall Settings: In Advanced, Reflection for port forwards is enabled, Reflection for 1:1 is disabled, Automatic outbound NAT for Reflection is enabled
Firewall rule: NAT->Port Forward:

Interface: WAN
Source: Advanced
  Source: any
  Source port range: any to any
Destination: WAN address
Destination port range: SSH to SSH
Redirect target IP: 192.168.10.101
Redirect target port: SSH
other settings: default



When I use one of my external boxes, 192.168.1.100, to ssh to the OPNsense WAN address 192.168.1.174, I can see the OPNsense box has a log item under Firewall-Log Files-Live View:
"let out anything from from firewall host itself".

On the SSH server, netstat shows:

tcp         0     0     sshsvr:ssh              192.168.1.100:56416   SYN_RECV


After a while, on the external box 192.168.1.100, I get "ssh: connect to host 192.168.1.174 port 22: Connection timed out"

What configurations am I missing?

The same SSH server works fine with a pfSense firewall.