Weird firewall behaviour on ssh port 22

Started by knack, June 20, 2023, 11:15:01 PM

Hi

OPNsense 23.1.9-amd64

I enabled SSH and opened the port, and this is the firewall log from outside my network:

lan   2023-06-20T23:12:15   37.187.:41144   192.168.2.100:443    tcp   let out anything from firewall host itself
wan   2023-06-20T23:12:15   37.187.:41144   192.168.2.100:443    tcp   Webproxy HTTPS
wan   2023-06-20T23:12:15   37.187.:41144   192.168.100.10:443   tcp   rdr rule
wan   2023-06-20T23:12:15   37.187.:41144   192.168.2.100:80     tcp   Default deny / state violation rule
wan   2023-06-20T23:12:15   37.187.:41144   192.168.100.10:80    tcp   rdr rule


I have some rules for 80 and 443.

Without those rules this is the log:

wan   2023-06-20T23:14:07   37.187.:62449   192.168.100.10:443   tcp   Default deny / state violation rule
wan   2023-06-20T23:14:07   37.187.:62449   192.168.100.10:80    tcp   Default deny / state violation rule

If I use another port for SSH it works OK.

Any idea?
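The thing that makes the log above look odd is that one client socket (one source IP and source port) shows up against two destination ports in the same second, while the port actually being probed (22) never appears at all. This added example, which is not from the post or from OPNsense, parses live-log lines in the same column layout and pulls out exactly those two facts. The sample lines are constructed: the documentation address 198.51.100.7 stands in for the poster's truncated external IP, the internal addresses and rule labels are the ones from the post, and the parser assumes IPv4 `addr:port` columns.

```python
"""Correlate OPNsense live-log lines by client socket (src ip, src port) to
spot one socket appearing against several destinations, and to check whether
the port being tested ever shows up. Added example, not from the post."""
from collections import defaultdict

# Constructed sample in the post's column layout:
# interface, timestamp, src:port, dst:port, proto, rule label.
# 198.51.100.7 (a documentation address) replaces the poster's truncated IP.
SAMPLE_LOG = """\
lan   2023-06-20T23:12:15   198.51.100.7:41144   192.168.2.100:443    tcp   let out anything from firewall host itself
wan   2023-06-20T23:12:15   198.51.100.7:41144   192.168.2.100:443    tcp   Webproxy HTTPS
wan   2023-06-20T23:12:15   198.51.100.7:41144   192.168.100.10:443   tcp   rdr rule
wan   2023-06-20T23:12:15   198.51.100.7:41144   192.168.2.100:80     tcp   Default deny / state violation rule
wan   2023-06-20T23:12:15   198.51.100.7:41144   192.168.100.10:80    tcp   rdr rule
wan   2023-06-20T23:14:07   198.51.100.7:62449   192.168.100.10:443   tcp   Default deny / state violation rule
wan   2023-06-20T23:14:07   198.51.100.7:62449   192.168.100.10:80    tcp   Default deny / state violation rule
"""


def parse_line(line):
    """Split one line into a dict. The rule label may contain spaces, so only
    the first five columns are whitespace-delimited; the rest is the label.
    Assumes IPv4 'addr:port' columns (rsplit on the last colon)."""
    iface, ts, src, dst, proto, label = line.split(None, 5)
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {
        "iface": iface, "ts": ts,
        "src_ip": src_ip, "src_port": int(src_port),
        "dst_ip": dst_ip, "dst_port": int(dst_port),
        "proto": proto, "label": label.strip(),
    }


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def by_client_socket(entries):
    """Group entries by (src_ip, src_port). A normal client socket talks to
    one destination, so several destinations under one key is the anomaly."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["src_ip"], e["src_port"])].append(e)
    return groups


def multi_destination_sockets(entries):
    """Return [(src_ip, src_port, sorted dst ports)] for every client socket
    logged against more than one destination port."""
    out = []
    for (src_ip, src_port), es in sorted(by_client_socket(entries).items()):
        ports = sorted({e["dst_port"] for e in es})
        if len(ports) > 1:
            out.append((src_ip, src_port, ports))
    return out


def seen_on_port(entries, port):
    """True if any entry, pass or block, has this destination port. If the
    port you are probing never appears, the firewall never saw a packet
    for it (or logged it under a different port)."""
    return any(e["dst_port"] == port for e in entries)


def labels_for(entries, dst_port):
    """Which rule labels fired for a destination port (rdr, pass, deny)."""
    return sorted({e["label"] for e in entries if e["dst_port"] == dst_port})


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for src_ip, src_port, ports in multi_destination_sockets(entries):
        print(f"{src_ip}:{src_port} logged against dst ports {ports}")
    print("any entry for tcp/22:", seen_on_port(entries, 22))
    print("rules that fired for tcp/80:", labels_for(entries, 80))
```

Run it against the real log export (`clog /var/log/filter.log` style lines need their own parser; the layout above is the live view's columns) and the two questions to answer are the ones it prints: does port 22 ever appear, and which rule labels fire for the ports that do. An `rdr rule` entry means a port forward matched, which is worth knowing before blaming upstream.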

What exactly are you trying to do and what isn't working? Your post is very unclear.

June 21, 2023, 07:44:10 PM #2 Last Edit: June 21, 2023, 08:14:38 PM by knack
Connect to SSH port 22 from the WAN interface.

And the problem is I can't connect, and that is the weird firewall log showing my connection attempt to port 22 from another external IP.

If I change sshd to port 2222 it works fine.

I hope you know the implications of doing this (brute-force attacks), but can you show your rules please?

Will post in a few hours, but the rules are the same whether I open port 1022 or 22: with port 1022 and SSH configured for that port it works; with port 22 the firewall blocks with that weird log.

That doesn't seem like a config problem; it seems like a bug.


Maybe, but it seems to not work just for you ;)

My actual rules:

IPv4 TCP * * * 22 * * SSH WAN
IPv4 TCP * * 192.168.2.100 443 (HTTPS) * * Webproxy HTTPS
IPv4 TCP/UDP * * 192.168.2.72 51413 * * Torrent
IPv4 UDP * * 192.168.2.80 51820 * * Wireguard
IPv4 TCP * * 192.168.2.123 25 (SMTP) * * SMTP
IPv4 TCP * * 192.168.2.73 995 (POP3/S) * * POP3S
IPv4 TCP * * 192.168.2.100 80 (HTTP) * * Webproxy HTTP
IPv4 TCP * * * 587 (SUBMISSION) * * 587 port smtps
IPv4 TCP/UDP * * 192.168.2.53 53 (DNS) * *

If those columns are
Protocol, Source, Port, Destination, Port, Gateway, Schedule, Description,
then you have set destination "*". Can you change it to "WAN Address" and retest?
You need to set it on the WAN interface.
That says: traffic to the current WAN IP coming in on port 22, let it through.

June 25, 2023, 10:07:32 PM #8 Last Edit: June 25, 2023, 10:10:52 PM by knack
I tried and it still doesn't work: filtered, and the same behaviour as posted in the firewall log.

Anyway, it doesn't seem related to the rule; the same rule using port 2222 and running sshd on port 2222 works.

I'm beginning to think my fibre company has started blocking port 22, but if it were that, I don't know why OPNsense displays a connection to ports 80 and 443 each time I try to connect to port 22.
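The "is the ISP dropping port 22" question has a standard check: from the outside host, probe the suspect port and a control port with the same rule shape (here 22 and 2222) and compare what the TCP handshake sees. A timeout means the SYN was dropped somewhere (ISP, the firewall's default deny, or a rule that never matched); an RST means the packet reached a host that has no listener; a completed handshake means open. If the control port is open and the suspect port times out, the next step is a capture on the WAN interface: if no SYN for port 22 arrives there, the drop is upstream; if it arrives and the log still shows nothing for port 22, it is the firewall. This added example, which is not from the thread, is a small probe and interpreter; the hostname, ports and timeout are assumptions you supply, and the loopback helper at the end exists only for self-testing.

```python
"""Probe a suspect port and a control port from an outside host and classify
what the TCP handshake sees. Added example, not from the thread."""
import errno
import socket


def probe(host, port, timeout=3.0):
    """Return one of 'open', 'closed', 'filtered', 'unreachable'.

    open        full handshake: a listener answered
    closed      RST came back: the packet reached a host with no listener
    filtered    no answer within the timeout: dropped by the ISP, by the
                firewall's default deny, or by a rule that never matched
    unreachable local routing / ICMP error before the packet got anywhere
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "closed"
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        s.close()


def compare(host, suspect=22, control=2222, timeout=3.0):
    """Probe both ports and return {port: state}."""
    return {p: probe(host, p, timeout) for p in (suspect, control)}


def interpret(results, suspect=22, control=2222):
    """Read the pair. The control port proves the path to the firewall and
    the rule shape work; only the suspect port's treatment differs."""
    s, c = results[suspect], results[control]
    if s == "open":
        return "suspect port open: nothing is blocking it"
    if c != "open":
        return f"control port is {c}: fix the control first, the comparison says nothing yet"
    if s == "filtered":
        return ("suspect port dropped before reaching sshd: capture on the WAN "
                "interface to see whether its SYN arrives at all")
    if s == "closed":
        return "suspect port reaches a host that refuses it: wrong target or no listener there"
    return f"suspect port {s}: no route from this vantage point"


def local_listener():
    """Self-test helper: a loopback listener on an ephemeral port.
    Returns (server socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    import sys
    # Usage: python probe.py <public-ip-or-hostname>  (assumed arguments)
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    res = compare(host)
    print(res)
    print(interpret(res))
```

Run it from the outside host, not from the LAN: a LAN-side connect to the WAN address exercises NAT reflection rather than the WAN rule. The "closed" branch is also the one to expect if a port forward (an `rdr rule` entry in the log) sends port 22 to an internal host that has no sshd on it.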