Port Forwarding to Multiple server

  • Hello everyone,

    Here is my Network Diagram. Please refer the attachment.

    I have two Pfsense boxes, one acting as Load Balancer(Box A) and another as Proxy and VPN server(Box B). I would like users connecting from WAN IP x.x.x.x (WAN A) to rdp to Win Server connected to LAN A and users connecting from WAN IP y.y.y.y (WAN B) to rdp to Win Server connected to LAN B.

    How do I go about this.

    with regards,

  • LAYER 8 Netgate

    Put a port forward on WAN A to LAN A server and a port forward on WAN B to WAN B Server.

    Unless you have your Proxy/VPN server doing NAT (which would be silly), in which case you would need to port forward there too.

  • Thanks Derelict for the quick reply. But I am still confuse.

    Please refer network diagram in the attachment. WAN A and WAN B are connected to pfsense box A, whereas LAN A And LAN B are connected to pfsense box B.

    So in Box A any rdp from WAN A or WAN B is port forwarded to Box B.

    I am sorry if I am sounding dump…. but how will box B distinguish packet coming from WAN A or WAN B... Box B sees Box A as its WAN connection.....


  • Hi Derelict,

    After re reading your solution… I realised that my 2nd box (Box B Proxy/VPN server) is indeed Natting.... so how should I go about it. Can I Bridge the Lan of Box A to WAn of Box B. How do we go about it in pfsense.

    Thank you

  • LAYER 8 Netgate

    I would just disable NAT there. Firewall > NAT, Outbound.

    Either turn it off at the top or set to manual and disable or delete the rules.


  • Got it I would disable Natting in the 2nd pfsense box (Box B).

    Do I also have to enable the firewall  rule to allow all packets to pass through the WAN interface of Box B. Can you please help in that.


  • LAYER 8 Netgate

    Yeah. You can probably just get away with a pass any any rule there like the default rule on WAN LAN. It's an inside router.

    You can also just turn on routing-only (disables pf entirely) System > Advanced, Firewall & NAT Disable firewall. In that mode you lose everything: shaping, NAT, etc.

  • Thanks Derelict for the response. Yes I think go with first option. I'll enable  pass any rule in the WAN interface.

    I think I'll not opt for second option as I'll be using captive portal for LAN A users and later I am planning to introduce Traffic Shaping to prioritize VOIP.


Log in to reply