New Azure pfSense VM - problem opening ports

  • I have set up pfSense on Azure with a single NIC.

    The 3 default rules are added automatically:

    Allow 22, 443 and 80

    If I check if these ports are open, it shows as open.

    If I add another rule to allow RDP (3389) port, no matter what I do it still shows that the port is closed yet the log shows that the rule was hit and was allowed?

    What am I doing wrong?

  • Nothing on the firewall itself is going to answer 3389, so adding a rule to pass it will do nothing. What are you attempting to do? If you want to send RDP to another host, you need a port forward entry to tell it where to send it.

  • I have a port forward in place yet nothing I try actually allows me to RDP into the server.

    Would it be that it is because of the single NIC that the Azure server has? I wouldn't think so.

    I have noticed that the log shows that the rule is working, it just seems like the port forward isn't.

    ![Firewall Log.png](/public/imported_attachments/1/Firewall Log.png)

  • The target VM I'm sure isn't pointing to the WAN IP as its default gateway. You'll either have to source NAT that traffic via outbound NAT, or change the target server's default gateway. The former, while in most circumstances wouldn't be the most desirable option, might be the best option for Azure.

  • Sorry for sounding like a complete idiot but I'm new to all of this.

    What do you mean by "You'll either have to source NAT that traffic via outbound NAT"?

    Thanks so much for assisting with all of this.

  • Firewall>NAT, Outbound. Switch to hybrid mode. Add a rule, interface LAN, source any, dest, dest port 3389, all else at defaults. Save and apply changes.

  • Great thanks so much. Worked like a charm.
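
The return-path problem described in the replies above, as an added example that is not from any poster in the thread: a toy Python model of why the firewall log shows the forwarded packet passing while RDP still fails, and why either fix suggested above repairs it. All addresses are constructed, and `OTHER_GW` is an assumed default gateway for the target that is not the firewall.

```python
import ipaddress
from dataclasses import dataclass

# All addresses below are constructed for illustration.
SUBNET = ipaddress.ip_network("10.0.0.0/24")
CLIENT = "203.0.113.10"      # remote RDP client
FW_OUTSIDE = "198.51.100.5"  # address the client connects to
FW_INSIDE = "10.0.0.4"       # firewall's address on the target's subnet
TARGET = "10.0.0.5"          # RDP server behind the port forward
OTHER_GW = "10.0.0.1"        # assumed: target's default gateway, not the firewall


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


def port_forward(pkt: Packet, outbound_nat: bool) -> Packet:
    """Firewall rewrites the destination; with outbound NAT it also rewrites the source."""
    src = FW_INSIDE if outbound_nat else pkt.src
    return Packet(src, TARGET, pkt.dport)


def reply_next_hop(reply_dst: str, default_gw: str) -> str:
    """Target's routing: on-subnet destinations go direct, the rest use the default gateway."""
    if ipaddress.ip_address(reply_dst) in SUBNET:
        return reply_dst
    return default_gw


def session_works(outbound_nat: bool, target_default_gw: str) -> bool:
    """True when the target's reply returns through the firewall that holds the NAT state."""
    arrived = port_forward(Packet(CLIENT, FW_OUTSIDE, 3389), outbound_nat)
    return reply_next_hop(arrived.src, target_default_gw) == FW_INSIDE


if __name__ == "__main__":
    cases = [
        ("port forward only", False, OTHER_GW),
        ("port forward + outbound NAT", True, OTHER_GW),
        ("port forward, gateway changed to firewall", False, FW_INSIDE),
    ]
    for name, nat, gw in cases:
        result = "works" if session_works(nat, gw) else "reply bypasses firewall"
        print(f"{name:45} -> {result}")
```

With outbound NAT the target sees the connection as coming from the firewall rather than from the real client, so the RDP server's own logs will record the firewall's address for every session.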
