I have a SmartOS with a public IP and a Debian as a VM. For accessing the VM directly, an ipnat-rule is set to forward port 2222 to the vm on port 22. Connecting via SSH works fine for me.
But when a client tries to login, he gets timed out. Also, after he tried, i do get a timeouts when trying to connect.
While that, i still can connect to the other VMs and also can connect from the SmartOS itself, only the ipfilter-route doesn't work anymore.
I tried changing the port at the ipnat rulefile, restartet the ipfilter service, turned off iptables on the vm, searched through tcpdump on the vm and restarted the VM.
Only a reboot of the SmartOS itself helps.
The problem is, that the client needs to connect via SFTP to that VM, so i cant just say "login over the SmartOS itself" and that i dont understand, how that generally can be.
The Rule for that VM-Routing:
rdr e1000g0 from any to <public-ip> port = 2222 -> 10.99.23.11 port 22 tcp
