Port forward to internal LAN server for SSH

Hello All,

Ran into a problem SSHing into my local LAN-connected server across VLANs, with the setup shown below:
[Screenshot: Screen Shot 2020-12-28 at 9.18.57 pm]

I do have both computers routing through different VPN connections. For some reason I just can’t get SSH running between the two.

I don’t think I need port forwarding, as I can use Test Port on pfSense to reach the server with the LAN interface as the source. In addition, I can’t ping my server either.

Any help is greatly appreciated! Thanks.

Cheers,
Eric

You have to have rules that allow the traffic to pass between the networks.

And the ICMP protocol if you want to ping.

Thanks Tom. Could you please elaborate? Where should the specific rules reside?

The rules currently deployed in my firewall:

  1. iMac, which is managed under LAN rules, can go everywhere (BTW, no VLAN for LAN network);
  2. Server, which is managed under VLAN 2 rules, can also go everywhere but the LAN network.

Do I need to be more specific to set up rules under LAN and VLAN2 to allow SSH traffic?

By the way, am I correct that this doesn’t require port forwarding even though they are connected to different VPN gateways?

Apologies if my questions don’t make any sense … fairly new to networking …

Cheers,
Eric

Thanks neogrid. I don’t know what the protocol is about, I will look it up.

Cheers,
Eric

Does the iMac need to SSH to the server? If so, go to your VLAN1 interface and create a rule for TCP traffic sourced from the VLAN1 net to reach the VLAN2 net or the specific address of the server.

Thanks Fred!

The rules currently deployed in my firewall:

  1. iMac, which is managed under LAN rules, can go everywhere (by the way, no VLAN is configured for LAN);
  2. Server, which is managed under VLAN 2 rules, can also go everywhere but the LAN network.

I also added passing rules on both LAN and VLAN2 interfaces to allow the SSH connection but it still doesn’t work …

I am really confused here …

Cheers,
Eric

Can you provide a screenshot of the rules for both interfaces?

Thanks Fred!

Please see LAN rules below:

Please see Server (i.e. VLAN2) rules below:

Please see Test Port screenshot below:

The part I am confused about is why Test Port to the server succeeds from LAN but the iMac can’t connect to the server.

BTW, there are no rules under either the SERVERVIAVPN or the DEVICESVIAVPN interface.

Thanks a lot for your help.

Cheers,
Eric

I think it is the server. I would put another device on the same network and see if it works. If it doesn’t, you know it is the server since local traffic wouldn’t have to pass through the firewall.

Thanks Fred!

I have removed the VLAN and moved the server onto the same network as the iMac. As a result, everything works fine.

This has left me very confused …

I don’t know what rules I should create on which interface in order to let LAN and VLAN talk … or is it an iMac issue where I should configure something …

Any help is greatly appreciated! Thanks.

Cheers,
Eric

It’s definitely the firewall. First, try disabling the second rule on the SERVER interface where you are blocking SERVER net from reaching LAN net. If it has an issue, try adding a rule at the top of the LAN interface for IPv4 traffic from LAN net to SERVER net and let’s see what happens. Also, when you move the server back, make sure it can ping the IP of the interface. You may need to add a rule for ICMP from each respective network.
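An added illustration, not from the thread and not pfSense's own code: Fred's "rule at the top of the LAN interface" matters most when the LAN catch-all pass rule has a VPN gateway set (policy routing). pfSense walks the rules of the interface the traffic enters top-down, first match wins, and a matching pass rule with a gateway hands the traffic to that gateway even when the destination is another local VLAN, so local destinations need their own gateway-less pass rules above it. The Python below models that evaluation with constructed addresses and a hypothetical gateway name VPN_GW:

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing for the thread's layout (assumption, not Eric's real config).
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
SERVER_NET = ipaddress.ip_network("192.168.2.0/24")   # the VLAN2 / SERVER net
ANY = ipaddress.ip_network("0.0.0.0/0")
IMAC = ipaddress.ip_address("192.168.1.50")
SERVER = ipaddress.ip_address("192.168.2.10")

@dataclass
class Rule:
    action: str                          # "pass" or "block"
    proto: str                           # "any", "tcp", "udp" or "icmp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network = ANY
    dport: Optional[int] = None          # None = any destination port
    gateway: Optional[str] = None        # set = policy routing via that gateway

def evaluate(rules, src, dst, proto, dport=None):
    """pfSense-style evaluation of the ingress interface's rules: top-down,
    first match wins, implicit default deny. Returns (verdict, path); path is
    "local" for routing-table routing or the gateway name for policy routing."""
    for r in rules:
        if r.proto not in ("any", proto) or src not in r.src or dst not in r.dst:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        if r.action == "block":
            return ("block", None)
        return ("pass", r.gateway or "local")
    return ("block", None)

# Weak LAN ruleset: one catch-all pass rule that forces everything out the VPN
# gateway. SSH to the server matches it too, so it goes into the tunnel, never the VLAN.
LAN_VPN_CATCHALL = [Rule("pass", "any", LAN_NET, ANY, gateway="VPN_GW")]

# Corrected LAN ruleset: local destinations are passed first with no gateway
# (Fred's rule at the top of the LAN interface), then the VPN catch-all.
LAN_FIXED = [
    Rule("pass", "icmp", LAN_NET, SERVER_NET),            # lets ping work
    Rule("pass", "tcp", LAN_NET, SERVER_NET, dport=22),   # SSH iMac -> server
    Rule("pass", "any", LAN_NET, ANY, gateway="VPN_GW"),  # everything else via VPN
]

def ssh_path(rules):
    # Where does an iMac -> server:22 connection go under the given LAN rules?
    return evaluate(rules, IMAC, SERVER, "tcp", 22)
```

The same check applies to the SERVER interface: a block rule there only stops connections the server initiates toward LAN, since pfSense is stateful and reply packets of an iMac-initiated session are matched by the existing state, not by the rules.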

Thanks Fred!

I have gone back to the drawing board and set up my firewall from scratch. I noticed that I can no longer connect to the server as soon as the OpenVPN service is up and running.

I am not sure if anyone else has a similar problem.

Cheers,
Eric