[solved] Unable to Port Forward SSH to LAN from WAN. WAN to Firewall SSH is OK.

Started by hwitten, March 26, 2021, 05:24:54 PM

Using this HowTo: https://forum.opnsense.org/index.php?topic=13453.msg61952#msg61952

For reference, HTTP/HTTPS is working ok from outside using Port Forwarding.

SSH is what I'm having problems with from 'outside'.

I changed Firewall SSH to 2222 and can access from outside with a port forward setting of:
Interface: WAN
Proto: any
Source Address: any
Ports: any
Destination Address: WAN address
Ports: 2220
NAT IP: 192.168.1.1
Ports: 2222

I also have SSH running at 192.168.1.125.
Changing the last 3 from above to:
Ports: 2220
NAT IP: 192.168.1.125
Ports: 22

...gives a connection timeout. SSH to same server from inside connects ok.

Have tried with Firewall SSH disabled but it made no difference.
Have also tried adding a floating rule, but probably not correctly.

What am I missing?

Did you create an associated allow rule on your WAN interface that allows TCP to port 22 for 192.168.1.125? Also, this is more of an observation, but if your firewall SSH is listening on the WAN interface, a port forward rule isn't needed; just a simple allow rule in the WAN firewall rules.

Quote: Did you create an associated allow rule on your WAN interface that allows TCP to port 22 for 192.168.1.125?

I did. Think I found my problem though, sort of.

Switched to another SSH machine/IP and that works, so my problem must be with the .125 itself.

I'll consider this solved for now or at least not an OPNsense problem.
Another lesson learned :)