21.1 Legacy Series / Re: Remote SSH NAT port forward to internal network device not working
« on: May 21, 2021, 01:06:28 pm »
Hello,
I have a similar problem if not the same.
I'm also trying to port forward to SSH.
Firewall WAN rule

Protocol  Source  Port  Destination  Port       Gateway  Schedule  Description
IPv4 TCP  *       *     *            SSH_EXT    *        *
IPv4 TCP  *       *     *            25 (SMTP)  *        *

NAT port forward

Interface  Proto  Source Address  Source Ports  Dest. Address  Dest. Ports  NAT IP  NAT Ports  Description
WAN        TCP    *               *             WAN address    SSH_EXT      PC_02   22 (SSH)
WAN        TCP    *               *             WAN address    25 (SMTP)    MAIL    25 (SMTP)

*SSH_EXT is a 40000+ port
Looking at the live logs, the SSH rule gets blocked by the Default block rule, while SMTP works without any problems.
Both devices are on the same VLAN.
If I enable Filter rule association (PASS), then the SSH rule works without a problem, but I read somewhere that
this way the rule bypasses the FW rules, and I don't want it to.
A few more observations.
The SSH rule works if I do a 22 to 22 port forward, so it seems that the problem only occurs if the port gets redirected from a different port.
I also tried to port forward to a random port, 456, instead of 22 to see if port 22 was in use somewhere on the FW, but it was also blocked by the default block rule.
Tried it with SSH access to the FW enabled and disabled.
EDIT: Version OPNsense 21.1.5-amd64
Any ideas?
Thank you in advance!
Best regards,
Uros
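The following is an added illustration, not part of the thread and not OPNsense code. It models the documented pf order of operations that this symptom follows from: redirect (rdr) rules are applied before filter rules, so a WAN pass rule is matched against the already-translated destination (internal host and internal port), not against the public port. A pass rule on destination port SSH_EXT therefore never matches once SSH_EXT has been rewritten to 22, while a 25-to-25 forward (or a 22-to-22 forward) still matches because the port is unchanged. The addresses and the concrete SSH_EXT value below are constructed placeholders standing in for the aliases in the post.

```python
from dataclasses import dataclass

# Constructed placeholder values standing in for the aliases used in the post.
WAN_ADDRESS = "203.0.113.10"   # documentation-range address, not a real host
SSH_EXT = 40022                # the post only says "a 40000+ port"
PC_02 = "192.168.10.20"        # internal SSH target
MAIL = "192.168.10.25"         # internal mail server


@dataclass(frozen=True)
class Packet:
    proto: str
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rdr:
    """A NAT port forward: external (ip, port) -> internal (ip, port)."""
    proto: str
    ext_ip: str
    ext_port: int
    int_ip: str
    int_port: int


@dataclass(frozen=True)
class Pass:
    """A WAN pass rule; '*' means any for the destination fields."""
    proto: str
    dst_ip: object
    dst_port: object


def apply_rdr(pkt, rdrs):
    """pf evaluates translation rules first; first matching rdr rewrites the packet."""
    for r in rdrs:
        if r.proto == pkt.proto and r.ext_ip == pkt.dst_ip and r.ext_port == pkt.dst_port:
            return Packet(pkt.proto, r.int_ip, r.int_port)
    return pkt


def filter_passes(pkt, rules):
    """Filter rules see the translated packet; no match means the default block applies."""
    for r in rules:
        if (r.proto == pkt.proto
                and r.dst_ip in ("*", pkt.dst_ip)
                and r.dst_port in ("*", pkt.dst_port)):
            return True
    return False


def forward_allowed(pkt, rdrs, rules):
    """Full path for an inbound WAN packet: redirect, then filter."""
    return filter_passes(apply_rdr(pkt, rdrs), rules)


# The two port forwards from the post.
NAT = [
    Rdr("tcp", WAN_ADDRESS, SSH_EXT, PC_02, 22),
    Rdr("tcp", WAN_ADDRESS, 25, MAIL, 25),
]

# WAN rules as posted: destination any, port = the *public* port.
RULES_AS_POSTED = [Pass("tcp", "*", SSH_EXT), Pass("tcp", "*", 25)]

# WAN rules matching what the filter actually sees after rdr: the internal
# host and internal port. This is also what OPNsense generates for a port
# forward with "Add associated filter rule", and it is narrower than "any".
RULES_POST_NAT = [Pass("tcp", PC_02, 22), Pass("tcp", MAIL, 25)]


def evaluate():
    """Return which inbound flows pass under each rule set."""
    ssh = Packet("tcp", WAN_ADDRESS, SSH_EXT)
    smtp = Packet("tcp", WAN_ADDRESS, 25)
    return {
        "ssh_as_posted": forward_allowed(ssh, NAT, RULES_AS_POSTED),    # blocked
        "smtp_as_posted": forward_allowed(smtp, NAT, RULES_AS_POSTED),  # passes
        "ssh_post_nat": forward_allowed(ssh, NAT, RULES_POST_NAT),      # passes
        "smtp_post_nat": forward_allowed(smtp, NAT, RULES_POST_NAT),    # passes
    }


if __name__ == "__main__":
    for flow, allowed in evaluate().items():
        print(f"{flow}: {'pass' if allowed else 'default block'}")
```

The model also reproduces the 22-to-22 observation: with an rdr of 22 to 22 the translated packet still carries port 22, so a pass rule written for port 22 matches either way. The post-NAT rule set is the one to prefer over the "Pass" filter association, since it keeps the traffic subject to the ordinary WAN ruleset and limits it to the single internal host and port.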