RDP to secondary LAN
-
Hello all,
Got a head scratcher (probably just from going cross eyed staring at rules).
I have a box with 1 WAN nic to a FTTP connection, 1 LAN nic with DHCP (192.168.4.x) and a 2nd LAN nic that i've added after the fact for a separate network with a single PC on it (192.168.28.x).
At first i had network issues then realised i needed to add some default allow rules as don't get added and i've created rules to stop LAN1 talking to LAN2 and viceversa. From there i then tested that i could ping good old google DNS from that LAN using the diagnostics, all good.
My issue is i want to be able to RDP to the solo box on 3389 from a specific IP or DyDNS entry, i have created an alias group for these addresses but then i'm not sure how to create the NAT/firewall rule to go to the correct LAN, on another box i have setup RDP no problem but this is bugging me so any advice gratefully received.
Currently the rule looks like this:-
Int WAN > Pro TCP > SRC add aliasIPs > SRC Port * > Dest add WAN address > Dest Port 3389 > NAT IP 192.168.28.2 > NAT Port 3389
-
Your best option is to run a VPN and use the RDP connection on top of that.
-Rico
-
@rico Thank you for the quick reply.
I'm still learning PFsense so as much as that would solve the RDP issue it may not be suitable for other things, originally i had 2 connections one FTTP and a 4G to 2 routers which i binned off for the single box solution for my live/test environment due to 4G drop outs where i live.
The second LAN is just where i test things (web hosting, SFTP etc) while i learn and understand how pfsense rules work i want to test NATing things like 443 and 80 for web hosting.
Again sorry if i'm being really stupid about how i'm going about this. Much more in depth than the Netgear I had.
-
Did you check and follow https://docs.netgate.com/pfsense/en/latest/nat/port-forwards.html ?
-Rico
-
@rico said in RDP to secondary LAN:
https://docs.netgate.com/pfsense/en/latest/nat/port-forwards.html
I did use that but my confusion came from that refers to a 1 WAN 1 LAN so was unsure if i needed to do anything different when it comes to 2 LAN.
-
@f022y pfSense should just figure out where the destination is.
However are you trying to connect from the Internet, or from LAN1? If from "inside" you may need reflection.
-
@f022y said in RDP to secondary LAN:
Currently the rule looks like this:-
Int WAN > Pro TCP > SRC add aliasIPs > SRC Port * > Dest add WAN address > Dest Port 3389 > NAT IP 192.168.28.2 > NAT Port 3389The rule looks well. Should work.
Did you also set a "Filter rule association"? -
Sorry been away so not been back.
I decided to try it and restricted to the IP I got from my mobile phone provider and it worked a charm. I guess that PFsense doesn't care about the inbound interface (by this i mean the NIC being presented internally) as pointed out by SteveITS
