I can ssh via WAN but not LAN

[ayezee33]

Hello,

I did a search here/Google and have found plenty of people struggling to connect via WAN. I have the opposite problem. My connect times out when trying to connect via LAN.

I am using a Model B connected via Ethernet. I am running pfSense (both pi and firewall are newest versions) and have a NAT rule established for port forwarding on 22. I have my sshd configured right (I think) because when I turn wifi off on my phone I can ssh in no problem. I also can connect from work.

Any thoughts? Links? Places for me to start looking?

Thanks

[ayezee33]

Sorry to waste space on the boards, but I am going to answer my own question and maybe this will help someone else out.

I found that it has to do with NAT reflection. I found an article describing my problem and then went into pfSense under
Systems>Advanced>Firewall/NAT and selected NAT+proxy

I can now SSH into my pi.

[ayezee33]

Maybe I didn't fully understand the issue and situation. Now when I try this it will not work. I will report back when I figure it out.

[drgeoff]

Yes, some routers have this NAT reflection issue. From a device on the LAN you try to access another device on the LAN by using the WAN IP address and port forwarding on the router. If it does not work because the router is the problem there is nothing on the RPi you can do to make it work.

[cpc464]

Hi I think this is called "SSL hairpinning" and some routers (eg BT Home Hubs) disable it as a security measure. It is not a bug, it is a feature.

[cpc464]

Just to add, you can use the home network address (192.168...) and it should work from home. But use your external facing IP address and the router will block it.

[ayezee33]

I figured out what it was. As mentioned I have pfsense running and it does all my routing as well.

I was trying to make a Firewall Rule for the WAN when in reality if you do a NAT/port forward it automatically creates the rule and worked for me.