How to connect external RDP server through pfsense
-
Hi, I have set up a LAN with pfsense. I can't connect to my RDP server, which is on another LAN, through my pfsense.
Please help me to solve this.
-
Do you have appropriate firewall rules in place? How are you attempting to access the RDP server? By IP?
More info please. :)
Steve
-
Thanks Steve,
Yes, by IP.
I use the default allow LAN to any rule.
Squid with no transparent mode
Port forwarding all http(80) traffic to my proxy port
kosala
-
Does the RDP server have a route back to your client?
-
Yeah, I can connect to it through an internet dongle. :)
-
It needs a route back to the client through pfSense (assuming you're doing LAN to LAN routing - you're not being very clear).
-
Can you please tell me how to route back?
I'll attach screenshots of my current conf.
![lan rules.png](/public/imported_attachments/1/lan rules.png)
-
My RDP server is in another country, so I access it through a public IP.
I can ping that IP through my pfsense, but I can't RDP to it.
-
172.16.1.1 is the private IP of the machine you wish to remote into or is that the IP of the distant pfsense LAN?
Also, are those rules on your local pfsense or on the distant pfsense with the machine you wish to RDP into?
-
No, it's my local pfsense gateway.
Should I use my private IP there? They are all my local pfsense configs.
-
Those port forwards need to be on your distant pfsense. The pfsense that the machine you want to RDP into is on.
Also you need to be sure that the port forward is pointed to the private IP of the computer you wish to RDP into. On your end, you just open your RDP client and enter the public IP of the far away pfsense. Pfsense will forward to the IP of the computer running RDP. Understand?
Your local pfsense needs NO special rules or port forwards. Your pfsense should be "vanilla". Just plain config.
Also, you probably don't want to proxy RDP traffic. Just forward it directly to the computer/server you wish to remote into.
-
Also you probably don't want to have http traffic forwarded to an internal proxy. That effectively creates a public proxy.
Steve
-
Yep… Unless you want to be famous for hacking... haha
-
Thanks kejianshi, Steve.
Yes, you were right. Vanilla pf worked. So I factory reset my pf and tested. Then I added my rules one by one without unnecessary rules ;)
-
Cool - Glad it's up.