Port Forwarding to Multiple server
-
Hello everyone,
Here is my Network Diagram. Please refer the attachment.
I have two Pfsense boxes, one acting as Load Balancer(Box A) and another as Proxy and VPN server(Box B). I would like users connecting from WAN IP x.x.x.x (WAN A) to rdp to Win Server connected to LAN A and users connecting from WAN IP y.y.y.y (WAN B) to rdp to Win Server connected to LAN B.
How do I go about this.
with regards,
Ashima
-
Put a port forward on WAN A to LAN A server and a port forward on WAN B to WAN B Server.
Unless you have your Proxy/VPN server doing NAT (which would be silly), in which case you would need to port forward there too.
-
Thanks Derelict for the quick reply. But I am still confuse.
Please refer network diagram in the attachment. WAN A and WAN B are connected to pfsense box A, whereas LAN A And LAN B are connected to pfsense box B.
So in Box A any rdp from WAN A or WAN B is port forwarded to Box B.
I am sorry if I am sounding dump…. but how will box B distinguish packet coming from WAN A or WAN B... Box B sees Box A as its WAN connection.....
regards,
Ashima -
Hi Derelict,
After re reading your solution… I realised that my 2nd box (Box B Proxy/VPN server) is indeed Natting.... so how should I go about it. Can I Bridge the Lan of Box A to WAn of Box B. How do we go about it in pfsense.
Thank you
Ashima -
I would just disable NAT there. Firewall > NAT, Outbound.
Either turn it off at the top or set to manual and disable or delete the rules.
https://doc.pfsense.org/index.php/Outbound_NAT
-
Got it I would disable Natting in the 2nd pfsense box (Box B).
Do I also have to enable the firewall rule to allow all packets to pass through the WAN interface of Box B. Can you please help in that.
regards,
Ashima -
Yeah. You can probably just get away with a pass any any rule there like the default rule on
WANLAN. It's an inside router.You can also just turn on routing-only (disables pf entirely) System > Advanced, Firewall & NAT Disable firewall. In that mode you lose everything: shaping, NAT, etc.
-
Thanks Derelict for the response. Yes I think go with first option. I'll enable pass any rule in the WAN interface.
I think I'll not opt for second option as I'll be using captive portal for LAN A users and later I am planning to introduce Traffic Shaping to prioritize VOIP.
Thanks
Ashima
