Netgate Discussion Forum

Problems forwarding TCP 3389 to multiple virtual IP's

  • awesomo
    last edited by May 12, 2011, 6:47 PM

    I have a /29 from my ISP and entered all the VIPs as proxy ARP, as single addresses.

    I have two servers that are running remote desktop:

    192.168.1.1 tcp 3389 >>>> 234.148.x.42      pfSense ip

    192.168.1.20 tcp 3389 >>>> 234.148.x.45    VIP

    When I set up NAT for them (one tied to the pfSense IP, another tied to a VIP), pfSense automatically sets up the firewall rules. It creates a separate rule for each one to open TCP 3389 from any source. The issue is, whichever rule appears first, that is the only server that works. If I change the rule to allow 3389 to the entire LAN subnet, both external IPs work as expected and forward to the correct server.

    I don't feel I should have to open the entire LAN subnet for this to work. I also understand that the first matched rule wins. I did check the firewall log and saw nothing about blocked connections.

    Is there something I could be doing differently?

    • jimp Rebel Alliance Developer Netgate
      last edited by May 16, 2011, 6:07 PM

      Post screenshots of exactly how your NAT and firewall rules look. Without that, it's hard to even speculate what might be going wrong.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.