Firewall rule to map port 22


Thanks for helping. This is the rule I created. My gitlab server is on IP 10.0.0.156,
and it is still not working.

That last rule you showed will not work; gitlab must be in the destination address field. Just to be clear, since we cannot see your other rules: you can only have port 22 used once coming in from the firewall. If you have any other rules for 22 enabled, this will not work. If that is the case, you will have to use the External Port (NAT) option and select an unused port, such as in the example I showed using port 22556, but change the destination to gitlab.

I made an example, this should work as long as there is no other rule using port 22.


I haven't any other port 22 rule set.

With those settings I can't get it.

Rule 17 looks fine. Are you sure nothing is blocking port 22 on the gitlab machine, such as SELinux on Fedora or iptables?
Maybe check the box in the rule to enable logging and see if it offers clues.
I see you run a few game servers, Left 4 Dead and so on I guess, but so many rules with source Any is maybe not the best choice. I run anywhere from about 7 to 20 game servers at a time from home; you may consider using the firewall groups section to specify (Services) and (service groups), it will help clean up your rulesets.
Just a quick example of mine for you.

Looks like Firewall rule #1 and Incoming Firewall rule #3 are conflicting.
Maybe disable rule 3 and try rule #1 at the top. So are you trying to SSH in from Red or through OpenVPN?
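As an added example (my own, not from this thread or from IPFire), a small Python check over a constructed rule list that flags what the two posts above describe: more than one enabled rule claiming external port 22, and the External Port (NAT) workaround of picking an unused port such as 22556. The field names and the rule entries are assumptions made for the example, not IPFire's own storage format.

```python
# Added example (not from the thread): check a list of IPFire-style inbound
# rules for more than one enabled rule claiming the same external port from
# RED, and find an unused external port for the NAT workaround.
# Rule records are constructed here; field names are my own, not IPFire's.
from collections import defaultdict

GITLAB = "10.0.0.156"          # the gitlab host named in the thread

# Constructed rule list: "ext_port" is the External Port (NAT) field;
# when it is None the rule uses dst_port as the external port.
RULES = [
    {"id": 1, "enabled": True, "src": "Any", "proto": "tcp",
     "dst": GITLAB, "dst_port": 22, "ext_port": None},
    {"id": 3, "enabled": True, "src": "Any", "proto": "tcp",
     "dst": "10.0.0.10", "dst_port": 22, "ext_port": None},   # conflicts with #1
    {"id": 17, "enabled": True, "src": "Any", "proto": "tcp",
     "dst": GITLAB, "dst_port": 22, "ext_port": 222},        # the working 222 -> 22
]

def external_port(rule):
    """Port a client on the Internet actually connects to."""
    return rule["ext_port"] if rule["ext_port"] is not None else rule["dst_port"]

def find_conflicts(rules):
    """Return {(proto, ext_port): [rule ids]} for ports claimed by >1 enabled rule."""
    claims = defaultdict(list)
    for r in rules:
        if r["enabled"]:
            claims[(r["proto"], external_port(r))].append(r["id"])
    return {k: v for k, v in claims.items() if len(v) > 1}

def rules_reaching(rules, host, port):
    """Ids of enabled rules forwarding to host:port, whatever the external port."""
    return [r["id"] for r in rules
            if r["enabled"] and r["dst"] == host and r["dst_port"] == port]

def free_external_port(rules, start=22556):
    """First external port >= start not claimed by any enabled rule."""
    used = {external_port(r) for r in rules if r["enabled"]}
    port = start
    while port in used:
        port += 1
    return port

if __name__ == "__main__":
    for (proto, port), ids in find_conflicts(RULES).items():
        print(f"{proto}/{port} is claimed by rules {ids}: disable all but one")
    print("rules forwarding to gitlab ssh:", rules_reaching(RULES, GITLAB, 22))
    print("unused external port for the NAT option:", free_external_port(RULES))
```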

Thanks for helping. What I'm trying to do is have a firewall rule that allows SSH connections from external internet clients to the internal gitlab server.

You had said before:

I'm trying to add a firewall rule on port 22 to reach one of my green network hosts.
The strange fact is I can use external port 222 to reach port 22 on my host, but I can't through external port 22.

Have you tried to access anything else on your internal network on port 22, such as IPFire or something that is not the Gitlab server?

Do you have a combination modem/router connecting IPFire to the Internet?
If so, I am wondering whether the modem/router is listening for port 22 and grabbing it before it gets to IPFire?

Well, I checked the firewall on the router and it is disabled. I set IPFire's red interface as DMZ.
I have no clue if port 22 is operator locked or already used by the router itself.
I will try to set a test rule to access port 22 of IPFire itself from outside.

I forgot about some providers locking ports; you're doing your homework, I see.
Setting the modem to DMZ for IPFire may also be the fix, good work.
Let me know the results please.

Sorry, I didn't understand how to do that.

So the modem/router at this point, I assume, is a combined unit?

In the modem you likely need the firewall disabled. I think people have called it modem only mode, bridge, or even pass-through mode; then you would have to rely on IPFire as the firewall, the only one.

Maybe if you list the country you are in and who your internet provider is, along with the modem name and model, someone familiar with your setup can give a hand. I'm guessing at this point.

As an example, a few internet providers here in the United States block incoming ports 22, 80 and 443; they assume you are running a business on a home account and want you to buy the business class account to use those ports.

From what I can tell the IPFire firewall rules looked good the last time you posted them; they should work in my opinion. You may have to contact your provider to find out why it is not working.