"Quote from: Bob.Dig on December 08, 2024, 07:27:26 PM
Select FIOS Address instead of This Firewall.
Tried but still getting the "No route to host" error from the SSH client.
(FWIW, "This Firewall" works with the Plex NAT.)
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#1
24.7, 24.10 Series / Re: NAT Port Forwarding not working for SSH
December 08, 2024, 08:00:33 PMTried but still getting the "No route to host" error from the SSH client.
(FWIW, "This Firewall" works with the Plex NAT.)
#2
24.7, 24.10 Series / Re: NAT Port Forwarding not working for SSH
December 08, 2024, 07:20:53 PMQuote from: bartjsmit on December 08, 2024, 09:26:29 AM
Try SSH with a port other than 22?
No difference if I have the SSH server listening on 2222 and port forward from 2222 to 2222.
Quote from: Patrick M. Hausen on December 08, 2024, 09:57:36 AM
Disable the global "anti-lockout" rule.
No difference here either, unfortunately.
#3
24.7, 24.10 Series / NAT Port Forwarding not working for SSH
December 08, 2024, 02:46:07 AM
I'm having a problem getting NAT port forwarding working for SSH, but a nearly identical rule (different target IP but on the same LAN, different ports) for Plex works without a problem.
Internet <-> (FiOS DHCP address) FiOS router (192.168.1.1) <-> (192.168.1.201) OPNsense (192.168.2.1) <-> (192.168.2.33) SSH server
The FiOS router has 192.168.1.201 set as the DMZ host so all Internet traffic is being sent there. This all worked using a previous Linux box as the firewall (same Internet client, same FiOS router, same SSH server, same IP addresses & ports, etc.); the only change is the upgrade to the OPNsense firewall, so I'm confident that the other pieces are working.
tcpdump on the ssh server does see the incoming connection
but the remote ssh client immediately returns
without even a moment's pause.
Firewall > Settings > Advanced > "Disable reply-to on WAN rules" does not seem to make a difference.
OPNsense NAT rule and firewall log entries attached.
Any suggestions are appreciated. I'm probably missing something simple as I learn OPNsense. Thanks in advance!
Internet <-> (FiOS DHCP address) FiOS router (192.168.1.1) <-> (192.168.1.201) OPNsense (192.168.2.1) <-> (192.168.2.33) SSH server
The FiOS router has 192.168.1.201 set as the DMZ host so all Internet traffic is being sent there. This all worked using a previous Linux box as the firewall (same Internet client, same FiOS router, same SSH server, same IP addresses & ports, etc.); the only change is the upgrade to the OPNsense firewall, so I'm confident that the other pieces are working.
tcpdump on the ssh server does see the incoming connection
Code Select
# tcpdump -vv port 22
20:15:51.660109 IP (tos 0x0, ttl 50, id 28928, offset 0, flags [DF], proto TCP (6), length 60)
remote.host.45618 > 192.168.2.33.ssh: Flags [S], cksum 0xcd3a (correct), seq 1454014126, win 64240, options [mss 1420,sackOK,TS val 1787846930 ecr 0,nop,wscale 7], length 0
but the remote ssh client immediately returns
Code Select
ssh: connect to host example.dyndns.com port 2222: No route to host
without even a moment's pause.
Firewall > Settings > Advanced > "Disable reply-to on WAN rules" does not seem to make a difference.
OPNsense NAT rule and firewall log entries attached.
Any suggestions are appreciated. I'm probably missing something simple as I learn OPNsense. Thanks in advance!
#4
General Discussion / Monit alert e-mails
December 27, 2022, 06:55:23 AM
The "gateway_alert" service is doing a great job of alerting me to one of my WAN uplinks being down. Is there someway to have it alert me when the condition starts (and ends) and perhaps just one an hour or something like that while the condition persists? Now that I have a ticket open with the upstream provider, I don't need an e-mail every two minutes.
Pages1
