pfSense Gold Subscription

Author Topic: Port Forwarding Working, Port Translation Not  (Read 134 times)

0 Members and 1 Guest are viewing this topic.

Offline nowell29

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Port Forwarding Working, Port Translation Not
« on: November 05, 2017, 12:20:14 am »
Hi guys.  I really tried to do my homework.  I have been through the troubleshooting guides, other posts, and tried this on different installs, but I am stumped.  This is something I used to do with DD-WRT, and I have since tried it on 3 different pf installs (meaning I tried going back to vanilla install to rule out anything else).

I have a truly public IP on the WAN, and LAN is 10.10.10.X.  Using 2.4.0

I can successfully port forward 80 at the WAN IP to 80 on an internal IP. 
I can successfully port forward 443 at the WAN IP to 443 on an internal IP.
I can successfully port forward 3389 at the WAN IP to 3389 on an internal IP.
You get the picture.

Now, I CANNOT ssh to non-standard port and TRANSLATE to standard port inside.  Example: ssh -p 22345 <external IP>
I can SSH successfully to this host from inside the LAN, but not through this translation.  I can even see the systemlog Firewall show a green checkmark, but nothing seems to actually be making it to the server itself.

Been doing SSH for years.  Nothing is actually reaching the server (when trying to go through the port).  Ironically, I can get shell on pf and ssh just fine using standard port.  The server is running standard port 22.  I was translating fine with a DD-WRT setup prior to putting pf in its place.  As stated above, I can ssh to this server on 22 from inside.  And I could ssh to non-standard port until I switched to pf. 

Here is what I have setup (having gone back and tried different this and thats but none working)
WAN TCP * * WAN Address   22345   10.10.10.6   22   ssh-rule
IPv4 TCP * * 10.10.10.6   22   * none   ssh-nat

I would love some help.  I thought maybe there was an extra step since translation was involved, but nothing I have tried makes a difference, and I couldn't find any documentation that suggested it needed anything more.

Offline nowell29

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: Port Forwarding Working, Port Translation Not
« Reply #1 on: November 06, 2017, 10:07:54 pm »
Have I stumped you all?  :)

I would love some feedback if anybody has some ideas. 

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14276
  • Karma: +1329/-191
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Port Forwarding Working, Port Translation Not
« Reply #2 on: November 07, 2017, 10:13:44 am »
So your just wanting to hit 22345 on your wan, and then send that to 22 on 10.10.10.6

Yeah that should work clickity clickity.. You have validated that 22345 is actually hitting your wan?  Maybe its not allowed out from where your trying to ssh from?  That would explain why your other standard ports work.  Those are allowed out, but this 22345 is blocked?

did you make sure that 22345 was not locked up in a state already?  After you created your forward on pfsense?
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x 2.4.1-RELEASE on VM esxi 6.5 (home)