OPNsense Forum » Archive » 21.1 Legacy Series
Remote SSH NAT port forward to internal network device not working
Topic: Remote SSH NAT port forward to internal network device not working (Read 2130 times)
windswept321
Newbie
Posts: 34
Karma: 1
Remote SSH NAT port forward to internal network device not working « on: May 18, 2021, 03:04:39 pm »
This one is a little strange, as I was copying a known working configuration from another OPNsense box I have, but I can't get it working.
After a wasted day, I would really appreciate any advice...
Basically, I have a Raspberry Pi running on a dedicated VLAN I want to allow SSH access to.
The LAN network is 192.168.1.X/24, while the VLAN is 192.168.6.X, with the Pi at 192.168.6.100.
The NAT port forward rule looks like this:

Interface | Proto | Src Address | Src Ports | Dst Address | Dst Ports | NAT IP        | NAT Ports
WAN       | TCP   | *           | *         | WAN net     | 46        | 192.168.6.100 | 22 (SSH)
Firewall rules for VLAN 6 are:

Protocol       | Source   | Port | Destination      | Port     | Gateway | Schedule | Description
IPv4+6 TCP/UDP | VLAN net | *    | VLAN address     | 53 (DNS) | *       | *        | allow DNS
IPv4+6 TCP/UDP | VLAN net | *    | *                | *        | *       | *        | allow VLAN to WAN rule
IPv4 TCP       | WAN net  | *    | 192.168.6.100/24 | 22 (SSH) | *       | *        | allow remote SSH
Firewall rules for the WAN interface:

Protocol | Source | Port | Destination   | Port     | Gateway | Schedule | Description
IPv4 TCP | *      | *    | 192.168.6.100 | 22 (SSH) | *       | *        |
Thanks for reading.
astuckey
Newbie
Posts: 31
Karma: 1
Re: Remote SSH NAT port forward to internal network device not working « Reply #1 on: May 20, 2021, 06:46:38 pm »
I'm wondering, since the OPNsense is binding on 22 for its own SSH daemon, whether it might be interfering with the NAT.
Could you try a different external port, 2222, for the NAT?
Also (though the NAT config might be taking care of it), there doesn't seem to be a WAN rule with the destination of the WAN address/net.
What are the symptoms you are seeing? Timeout, or RST, for example?
uros
Newbie
Posts: 1
Karma: 0
Re: Remote SSH NAT port forward to internal network device not working « Reply #2 on: May 21, 2021, 01:06:28 pm »
Hello,
I have a similar problem if not the same.
I'm also trying to port forward to SSH.
Firewall WAN rules:

Protocol | Source | Port | Destination | Port      | Gateway | Schedule | Description
IPv4 TCP | *      | *    | *           | SSH_EXT   | *       | *        |
IPv4 TCP | *      | *    | *           | 25 (SMTP) | *       | *        |

NAT port forwards:

Interface | Proto | Src Address | Src Ports | Dst Address | Dst Ports | NAT IP | NAT Ports | Description
WAN       | TCP   | *           | *         | WAN address | SSH_EXT   | PC_02  | 22 (SSH)  |
WAN       | TCP   | *           | *         | WAN address | 25 (SMTP) | MAIL   | 25 (SMTP) |
*SSH_EXT is a 40000+ port
Looking at the live logs, the SSH rule gets blocked by the Default block rule, while SMTP works without any problems.
Both devices are on the same VLAN.
If I enable Filter rule association (PASS) then the SSH rule works without a problem, but I read somewhere that this way the rule bypasses the FW rules and I don't want it to.
A few more observations.
The SSH rule works if I do a 22 to 22 port forward, so it seems that the problem only occurs if the port gets redirected from a different port.
I also tried to port forward to a random port, 456, instead of 22 to see if port 22 was in use somewhere on the FW, but it was also blocked by the default block rule.
Tried it with SSH access to the FW enabled and disabled.
EDIT: Version OPNsense 21.1.5-amd64
Any ideas?
Thank you in advance!
Best regards,
Uros
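The two posts above share one mechanism worth seeing in code: OPNsense's pf applies the port-forward (rdr) translation first, and the WAN filter rules are then matched against the translated destination (internal IP and internal port). The model below is an added example written for this thread, not code from OPNsense or from either poster. It replays uros's two rule sets against constructed packets; the addresses (203.0.113.10 for the WAN address, 192.168.10.20 for PC_02, 192.168.10.25 for MAIL) and the value 40022 standing in for the SSH_EXT alias are constructed placeholders, and the first-match/default-deny logic is a simplification of pf.

```python
"""Toy model of pf's order of operations on OPNsense: rdr (NAT port forward)
runs before filtering, so interface rules see the *translated* destination.
Added example for the forum thread; all hosts and ports are constructed."""
from dataclasses import dataclass, replace
from typing import Optional

ANY = "*"


@dataclass(frozen=True)
class Packet:
    iface: str
    proto: str
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class PortForward:  # one row of Firewall > NAT > Port Forward
    iface: str
    proto: str
    ext_addr: str
    ext_port: int
    nat_ip: str
    nat_port: int


@dataclass(frozen=True)
class FilterRule:  # one row of Firewall > Rules > WAN
    iface: str
    proto: str
    dst: str                # "*" or an address
    dport: Optional[int]    # None means "*"
    action: str
    description: str


def translate(pkt: Packet, forwards: list) -> Packet:
    """Step 1: rewrite the destination if a port forward matches (rdr)."""
    for fwd in forwards:
        if (fwd.iface, fwd.proto) == (pkt.iface, pkt.proto) and \
           (pkt.dst, pkt.dport) == (fwd.ext_addr, fwd.ext_port):
            return replace(pkt, dst=fwd.nat_ip, dport=fwd.nat_port)
    return pkt


def match(pkt: Packet, rules: list) -> FilterRule:
    """Step 2: first matching interface rule, else the implicit default block."""
    for rule in rules:
        if rule.iface != pkt.iface or rule.proto != pkt.proto:
            continue
        if rule.dst != ANY and rule.dst != pkt.dst:
            continue
        if rule.dport is not None and rule.dport != pkt.dport:
            continue
        return rule
    return FilterRule(pkt.iface, pkt.proto, ANY, None, "block", "Default deny rule")


def verdict(pkt: Packet, forwards: list, rules: list) -> tuple:
    """Returns (action, rule description, translated dst, translated dport)."""
    translated = translate(pkt, forwards)
    rule = match(translated, rules)
    return rule.action, rule.description, translated.dst, translated.dport


# Constructed stand-ins for the aliases in the thread.
WAN_ADDR, PC_02, MAIL = "203.0.113.10", "192.168.10.20", "192.168.10.25"
SSH_EXT = 40022  # constructed; the post only says "a 40000+ port"

FORWARDS = [
    PortForward("WAN", "TCP", WAN_ADDR, SSH_EXT, PC_02, 22),
    PortForward("WAN", "TCP", WAN_ADDR, 25, MAIL, 25),
]

# WAN rules as posted: destination "*" and the *external* port.
RULES_AS_POSTED = [
    FilterRule("WAN", "TCP", ANY, SSH_EXT, "pass", "allow SSH_EXT"),
    FilterRule("WAN", "TCP", ANY, 25, "pass", "allow SMTP"),
]

# WAN rules written against the translated (internal) destination, as in
# the OP's WAN rule (destination 192.168.6.100, port 22).
RULES_FIXED = [
    FilterRule("WAN", "TCP", PC_02, 22, "pass", "allow SSH to PC_02"),
    FilterRule("WAN", "TCP", MAIL, 25, "pass", "allow SMTP to MAIL"),
]


def run(rules: list, forwards: list = FORWARDS) -> dict:
    """Verdict for an inbound SSH_EXT connection and an inbound SMTP connection."""
    client = "198.51.100.7"  # constructed remote client
    ssh = Packet("WAN", "TCP", client, WAN_ADDR, SSH_EXT)
    smtp = Packet("WAN", "TCP", client, WAN_ADDR, 25)
    return {"ssh": verdict(ssh, forwards, rules)[0],
            "smtp": verdict(smtp, forwards, rules)[0]}


if __name__ == "__main__":
    for name, rules in (("as posted", RULES_AS_POSTED), ("fixed", RULES_FIXED)):
        print(name, run(rules))
```

Run as posted, the SMTP packet is translated to MAIL:25 and still matches the "port 25" rule, while the SSH packet is translated to PC_02:22 and matches neither "port SSH_EXT" nor "port 25", so it falls through to the default block; a 22-to-22 forward keeps the port unchanged, which is why that variant passes. With the rules written against the internal destination, both connections pass without enabling "Filter rule association", and the WAN rule list remains the place where the access is explicitly allowed.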