Netgate Discussion Forum

    Port forwarding failed due to different GW configured

    • mrcola

      Hi

      Could you please advise if I will be able to achieve the following:

      Port forwarding in pfSense is used to allow an RDP connection to a Windows box. However, the default gateway of the Windows box is not set to the pfSense LAN IP. Instead it is configured to use the LAN IP of a Linux box on the same subnet.

      There are NAT rules set on the Linux box and the action is return. Therefore Windows can access the Internet without any issue.

      It is understood that the port forwarding will not be functioning, and I would like to know if there is any workaround either on the Linux box or on pfSense itself.

      Thank you in advance

      • johnpoz LAYER 8 Global Moderator

        Why would you have it set up like that - why are you using Linux as the gateway? For what reason??

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • mrcola

          Well, long story short, due to the censorship of the internet in my lovely country, I have to run a shadowsocks redirection service as an additional gateway on a Linux box to handle certain traffic.

          I can replace my home router with something which has shadowsocks built in, however pfSense is still my first choice.

          Thanks and Regards RW

          • johnpoz LAYER 8 Global Moderator

            Couple ways to solve your problem - but in general your setup is not optimal.

            You would need to host route on the box you're trying to RDP to. Problem is you need to know the source IP you would be coming from. 2nd option is to source NAT the port forward so it looks like it's coming from the pfSense interface in the LAN network.

            BTW port forwarding remote desktop, i.e. open from the internet, is not a very good idea. If you want to get to a machine on your network while you're remote - VPN in. Then, since your device is not using pfSense as a gateway, set up a route on that host to point to pfSense to get to whatever your VPN network is when you set it up.

            Why don't you set up pfSense as your default gateway and route from your host to your Linux box for specific traffic?

            • mrcola

              Hi johnpoz

              Thanks for your explanation. I just would like to connect from my work, which has a static IP, therefore there are rules to control the RDP traffic.

              Your replies give me ideas which I missed in the first place. Thank you and a big thumbs up. Could you please explain a bit more regarding the source NAT option? Shall I do that on the pfSense box or anywhere else? Any related articles will be helpful.

              Cheers and Regards RW

              • johnpoz LAYER 8 Global Moderator

                Source NAT would be done on pfSense.


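An added sketch, not part of the thread or any poster's own code, that models the reply path of the forwarded RDP connection for the setup as posted and for the two workarounds mentioned in the thread (a host route on the Windows box, or source NAT of the port forward on pfSense). All addresses are constructed assumptions; the model only covers the host's next-hop choice and the fact that pfSense alone holds the connection state.

```python
import ipaddress as ip

# Constructed addresses (assumptions, not taken from the thread).
PFSENSE_LAN = ip.ip_address("192.168.1.1")    # pfSense LAN interface
LINUX_GW    = ip.ip_address("192.168.1.2")    # shadowsocks box, the host's default gateway
WINDOWS     = ip.ip_address("192.168.1.50")   # RDP target behind the port forward
WORK_IP     = ip.ip_address("203.0.113.10")   # remote client's static IP

def next_hop(routes, dst):
    """Longest-prefix match; a gateway of None means on-link (deliver directly)."""
    matches = [(net, gw) for net, gw in routes if dst in net]
    net, gw = max(matches, key=lambda r: r[0].prefixlen)
    return dst if gw is None else gw

def forward_rdp(host_routes, source_nat):
    """Follow one forwarded connection: (source the host sees, reply next hop, works?)."""
    # pfSense rewrites the destination (port forward). With source NAT it also
    # rewrites the source to its own LAN address before handing the packet on.
    seen_src = PFSENSE_LAN if source_nat else WORK_IP
    hop = next_hop(host_routes, seen_src)
    # Only pfSense holds the state for this connection, so the reply has to
    # go back through it to be translated and reach the client.
    return seen_src, hop, hop == PFSENSE_LAN

BASE_ROUTES = [
    (ip.ip_network("192.168.1.0/24"), None),   # on-link LAN
    (ip.ip_network("0.0.0.0/0"), LINUX_GW),    # default route via the Linux box
]
# Host-route workaround: a /32 for the known client IP pointing at pfSense.
HOST_ROUTE = BASE_ROUTES + [(ip.ip_network("203.0.113.10/32"), PFSENSE_LAN)]

def scenarios():
    return {
        "as posted":  forward_rdp(BASE_ROUTES, source_nat=False),
        "host route": forward_rdp(HOST_ROUTE, source_nat=False),
        "source NAT": forward_rdp(BASE_ROUTES, source_nat=True),
    }

if __name__ == "__main__":
    for name, (src, hop, ok) in scenarios().items():
        print(f"{name:10}  host sees {src}  reply via {hop}  {'OK' if ok else 'BROKEN'}")
```

With source NAT the Windows box sees every forwarded session as coming from the pfSense LAN address, so the restriction to the static work IP has to be enforced in the pfSense rule for the port forward, and the host's own logon logs no longer record the real client address.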
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.