Having issues in accessing Pfsense using SSH

#1

I have followed tom’s video for doing this :
Remotely Managing pfsense via SSH Tunneling - YouTube

I have followed every steps shown in this video but whenever I try to connect to my SMB pfsense from my home network it says error connection refused.

I am using my smb’s public ip and custom port in putty to connect with my smb pfsense router.

My isp is providing connection through pppoe, So can it make any problem in doing this ??

#2

I am not clear from your post, but does pfsense get a public IP from your ISP?

#3

Yes it is getting public ip and everything else is working fine on my network!!
But my main aim is to manage pfsense gui from my home.

#4

First turn on SSH then open up the port. If that does not work check the firewall logs.

1 Like
#5

I had turned it on but still not able to access it…and my firewall log it says nothing to show.

#6

Did you create the WAN firewall rule with the destination set to “This Firewall”?

1 Like
#7

Yes i did !! Do i share my configurations screenshots ??
One more thing I am able to ping my SMB’s public ip.

#8

My Pfsense Configuration Images :

pfsense1
pfsense11366×728 22.9 KB
Pfsense
Pfsense1366×728 28.8 KB

For sake of my mind that my home router is not creating any problem this is the screenshot of firewall settings :

Screenshot from 2021-01-31 10-10-42
Screenshot from 2021-01-31 10-10-421366×698 62.5 KB

This is the terminal screenshot in which i can ping my smb’s public ip but not able to communicate through SSH :

Screenshot from 2021-01-31 10-12-31
Screenshot from 2021-01-31 10-12-31866×581 114 KB

Also checked in services that Secure Shell Daemon is running !!

1 Like
#9

Weird, perhaps your ISP is blocking inbound ports

1 Like
#10

I have run this command pfctl -sr to check my firewall rules in which I can see two block rule which is blocking SSH.

block drop in log quick proto tcp from to (self) port = 22** label “sshguard”
block drop in log quick proto tcp from to (self) port = 10*** label “GUI Lockout”

#11

ISP`s are often guilty of some, umm, interventions, on the consumer firewall.
i understand your pain personally my friend.

1 Like
#12

thank you brother but I am really trying hard to figure this thing out .
I think I need to contact my ISP about this, but before that I am trying to figure out the things which is been blocked by firewall rules…

#13

Np. Same here man. ill let you know if i uncover anything juicy

#14

@LTS_Tom did you find anything for this

#15

Does this https://www.canyouseeme.org/ see the port open?

1 Like
#16

pfsense3
pfsense31366×728 20.3 KB

It shows it is refusing and I also contacted my ISP and they said they do not use any type of firewall and all the ports are open from their side.
I think sshguard is making problem,it is overriding the allow rule and blocking the connection on specified for SSH and GUI ports on WAN.

We need to find a way to disable sshguard .

Sharing one more screenshot for refence of showing sshguard is blocking things:

Sshguard
Sshguard1365×424 11.9 KB

#18

personal update, i shall have my results within 24 hours. :slight_smile:

1 Like
#19

Better make that this 72 hours as it’s been really busy at my day job :chart_with_upwards_trend:

1 Like
#20

I found the solution !!! Finally
People whose ISP uses pppoe method have two different types of IP’s , One is Static and another is Dynamic.
It doesn’t matter that your public ip doesn’t change anytime but if it is in the series of Dynamic ip’s by default it will block all the incoming ports at isp’s router/firewall.

Solution is simple: Just pickup the phone ,call your isp and ask them; Is my ip dynamic or static?? If replies dynamic so just ask them to allot you an static ip and boom!! problem will be solved…

Thank you so much everyone for replying to my answers :pray:

1 Like
#21

Situation resolved good job guys