  • I apologize ahead of time for adding to the stacks of RDP questions, but I have looked at docs and videos and I cannot get RDP through pfSense. Here are the steps I followed. Please let me know if I missed something.

    1. Set up a virtual IP so that I have an external IP to use in 1:1 mapping to the internal IP of the machine I want to connect to.

    2. Set up a NAT 1:1 entry matching my virtual IP to the internal IP of the machine.

    3. Set up a port forwarding rule.
        a. Interface is WAN
        b. Protocol is TCP/UDP
        c. Destination I chose the virtual IP I created from the drop down box.
        d. Chose MS RDP for the destination port range.
        e. Input the internal IP of the machine for the redirect target IP.
        f. Chose MS RDP for redirect target port.
        g. Checked to make sure a NAT firewall rule was created.

    After all of this I still cannot connect using the virtual IP created. I can ping the virtual IP. I can connect to the machine using the local IP address using RDP. I have not tried to connect off of the local network yet but that should not matter. If I use the virtual IP on the LAN it should just shoot me out and right back in. I can connect to the pfSense web GUI from the local network using the WAN IP address. Any ideas on what I have messed up?

  • You don't need a 1:1 NAT since RDP is a single port. A single port forward will do. Are you testing from WAN or LAN? Post your NAT and WAN rules as that way we can see what you've really done and not what you've said you've done.

  • Attached are screenshots of a rule and nat for RDP. I have used the virtual IP to keep things the same as my old firewall was and so I can use the default RDP port when remoting in. I have several machines that I have set up and don't want to have to remember the port assigned to each one.

  • You forgot the images…

  • Uugggghhh. It was a long week last week and this one is not looking any better. Here they are.

  • I think I have this fixed. I haven't tested it outside of the network but I can get to the WAN virtual port from inside which I couldn't do before. I had to turn on NAT reflection.

  • NAT Reflection is one way to do it, but it's generally not recommended. Always test your port forwards from the WAN side. I find my phone is quite handy for such testing, and there is an official RDP app from MS for Android, for example.

