    How to connect external RDP server through pfsense

    stephenw10 Netgate Administrator

      Do you have appropriate firewall rules in place? How are you attempting to access the RDP server? By IP?

      More info please.  :)

      Steve

        kosala4

        Thanks steve,

        Yes by IP.
        I use default allow LAN to any rule.
        Squid with no transparent mode
        Port forwarding all http(80) traffic to my proxy port

        kosala

          kathampy

          Does the RDP server have a route back to your client?

            kosala4

            Yeah, I can connect to it through an internet dongle..  :)

              kathampy

              It needs a route back to the client through pfSense (assuming you're doing LAN to LAN routing - you're not being very clear).

                kosala4

                Can you please tell me how to route back?
                I'll attach screenshots of my current conf.

                ![lan rules.png](/public/imported_attachments/1/lan rules.png)
                NAT.png

                  kosala4

                  My RDP server is in another country, so I access it through a public IP.
                  I can ping that IP through my pfsense, but I can't RDP to it.

                    kejianshi

                    172.16.1.1 is the private IP of the machine you wish to remote into or is that the IP of the distant pfsense LAN?

                    Also, are those rules on your local pfsense or on the distant pfsense with the machine you wish to RDP into?

                      kosala4

                      No, it's my local pfsense gateway.
                      Should I use my private IP there?

                      They are all my local pfsense configs.

                        kejianshi

                        Those port forwards need to be on your distant pfsense.  The pfsense that the machine you want to RDP into is on.
                        Also you need to be sure that the port forward is pointed to the private IP of the computer you wish to RDP into.

                        On your end, you just open your RDP client and enter the public IP of the far away pfsense.  Pfsense will forward to the IP of the computer running RDP.  Understand?

                        Your local pfsense needs NO special rules or port forwards.  Your pfsense should be "vanilla".  Just plain config.

                        Also, you probably don't want to proxy RDP traffic.  Just forward it directly to the computer/server you wish to remote into.

                          stephenw10 Netgate Administrator

                          Also you probably don't want to have http traffic forwarded to an internal proxy. That effectively creates a public proxy.

                          Steve
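
An added example, not part of the original posts: a small audit of the port forwards in a pfSense configuration export, flagging the two problems raised above (a forward from any source to a proxy port, and a forward whose target is not the private IP of the internal host). The XML element names and the sample rules are assumptions constructed for illustration, as are the addresses and the proxy port list.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample laid out like a pfSense config.xml export (element names assumed).
SAMPLE_CONFIG = """<pfsense><nat>
  <rule><interface>wan</interface><protocol>tcp</protocol><descr>RDP to server</descr>
    <source><any/></source>
    <destination><network>wanip</network><port>3389</port></destination>
    <target>192.168.10.20</target><local-port>3389</local-port></rule>
  <rule><interface>wan</interface><protocol>tcp</protocol><descr>HTTP to Squid</descr>
    <source><any/></source>
    <destination><network>wanip</network><port>80</port></destination>
    <target>192.168.10.5</target><local-port>3128</local-port></rule>
  <rule><interface>wan</interface><protocol>tcp</protocol><descr>RDP wrong target</descr>
    <source><address>198.51.100.7</address></source>
    <destination><network>wanip</network><port>3389</port></destination>
    <target>203.0.113.9</target><local-port>3389</local-port></rule>
</nat></pfsense>"""

PROXY_PORTS = {"3128", "8080"}  # Squid default and a common alternative (assumed list)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_port_forwards(config_xml):
    """Return (descr, finding) tuples for WAN port forwards worth reviewing."""
    findings = []
    for rule in ET.fromstring(config_xml).iterfind("./nat/rule"):
        if rule.findtext("interface") != "wan":
            continue
        descr = rule.findtext("descr", default="(no description)")
        target = rule.findtext("target", default="")
        local_port = rule.findtext("local-port", default="")
        any_source = rule.find("source/any") is not None
        # A forward from any source to a proxy port makes the proxy public.
        if any_source and local_port in PROXY_PORTS:
            findings.append((descr, "open proxy: any source forwarded to proxy port " + local_port))
        # The forward should point at the private IP of the internal host.
        try:
            ip = ipaddress.ip_address(target)
            private = any(ip in net for net in RFC1918)
        except ValueError:
            private = False  # alias or malformed value: review by hand
        if not private:
            findings.append((descr, "target %r is not a private IP" % target))
    return findings

if __name__ == "__main__":
    for descr, finding in audit_port_forwards(SAMPLE_CONFIG):
        print(descr + ": " + finding)
```
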

                            kejianshi

                            Yep…  Unless you want to be famous for hacking...  haha

                              kosala4

                              Thanks kejianshi, Steve..
                              Yes, you were right.. vanilla pf worked. So I factory reset my pf and tested. Then I added my rules one by one without unnecessary rules  ;)

                                kejianshi

                                Cool - Glad it's up.
