Setting up NAT to perform RDP
-
Yes, it's pretty simple.
https://doc.pfsense.org/index.php/OpenVPN_Remote_Access_Server
https://doc.pfsense.org/index.php/OpenVPN_Client_Export_Package
-
Created a WAN and LAN rule for the meantime with "any" for the source/destination and ports, etc, in short all are set to any
You hopefully deleted that already - at least from WAN!?
-
Guys, just an update, yesterday was still working fine. Internet connection and RDP. My colleague (mid shift) turned off the computer yesterday. This morning when I arrived the office, kind of weird that the computer hass no internet connection. So I doubted the NAT activity yesterday and I disabled the NAT 1:1 rule first then the internet connection's back. But when I enable it again, internet's down again.
Any clues?
Thanks
jepoy -
why do you have a 1:1 nat??? At no point is 1:1 nat need or desired for rdp access..
-
Basically the purpose of this NAT is just to point a WAN IP to a local IP and just for trial experimental so as to practice NAT. And one sample of services running on this NAT is rdp.
Thanks
jepoy -
well are you doing 1:1 or port forward.. To be honest a 1:1 nat is not something normally desired.. Once you you do a 1:1 nat you can for sure limit that with firewall rules. But normally boxes have a limited number of ports needed inbound from the public so its just easier to control and maintain with simple port forwards.
-
I understand, I just simply want to try it out but thanks really for the advice. Yep, I've been trying to perform 1:1
Thanks
jepoy -
"I've been trying to perform 1:1"
So you have 1:1 setup and then other port forwards as well.. This doesn't play nice together. You either do 1:1 or you port forward not a combination of both to the same IP? To be honest if you have 1 IP and you want to forward to other machines its confusing to setup 1:1 so you setup 1:1 and that says all unsolicited go to 192.168.1.100, but then you try and forward port 80 to 192.168.1.101 ?? etc..
Do you have multiple public IPs where you could use 1 for your napt for all your other boxes. And for public IP 2 you tie this to a 1:1 nat for 192.168.1.100 etc..
If your flipping stuff around between port forward and 1:1 did you check your state table if your saying stuff is not working? But again 1:1 is not a very common need..
-
No port forward. Yes I have multiple IP's since we're on a /29 block
thanks
jepoy -
So you setup vip on one of your other IPs in your /29 and setup the vip on that and setup the outbound nat for that box your doing 1:1 nat to to use that vip?
If you are going to do port forwarding with your other IPs, you want to make sure that your answering are going back via the correct IP, etc. If I recall pfsense will auto do it correctly - but if your having issues you need to verify..
So you created all of the vips for your IPs in the /29 ??