4. Port Forwarding to Multiple server

Port Forwarding to Multiple server

  • A

    Hello everyone,

    Here is my Network Diagram. Please refer the attachment.

    I have two Pfsense boxes, one acting as Load Balancer(Box A) and another as Proxy and VPN server(Box B). I would like users connecting from WAN IP x.x.x.x (WAN A) to rdp to Win Server connected to LAN A and users connecting from WAN IP y.y.y.y (WAN B) to rdp to Win Server connected to LAN B.

    How do I go about this.

    with regards,
    Ashima


    0
  • LAYER 8 Netgate

    Put a port forward on WAN A to LAN A server and a port forward on WAN B to WAN B Server.

    Unless you have your Proxy/VPN server doing NAT (which would be silly), in which case you would need to port forward there too.

    0
  • A

    Thanks Derelict for the quick reply. But I am still confuse.

    Please refer network diagram in the attachment. WAN A and WAN B are connected to pfsense box A, whereas LAN A And LAN B are connected to pfsense box B.

    So in Box A any rdp from WAN A or WAN B is port forwarded to Box B.

    I am sorry if I am sounding dump…. but how will box B distinguish packet coming from WAN A or WAN B... Box B sees Box A as its WAN connection.....

    regards,
    Ashima

    0
  • A

    Hi Derelict,

    After re reading your solution… I realised that my 2nd box (Box B Proxy/VPN server) is indeed Natting.... so how should I go about it. Can I Bridge the Lan of Box A to WAn of Box B. How do we go about it in pfsense.

    Thank you
    Ashima

    0
  • LAYER 8 Netgate

    I would just disable NAT there. Firewall > NAT, Outbound.

    Either turn it off at the top or set to manual and disable or delete the rules.

    https://doc.pfsense.org/index.php/Outbound_NAT

    0
  • A

    Got it I would disable Natting in the 2nd pfsense box (Box B).

    Do I also have to enable the firewall  rule to allow all packets to pass through the WAN interface of Box B. Can you please help in that.

    regards,
    Ashima

    0
  • LAYER 8 Netgate

    Yeah. You can probably just get away with a pass any any rule there like the default rule on WAN LAN. It's an inside router.

    You can also just turn on routing-only (disables pf entirely) System > Advanced, Firewall & NAT Disable firewall. In that mode you lose everything: shaping, NAT, etc.

    0
  • A

    Thanks Derelict for the response. Yes I think go with first option. I'll enable  pass any rule in the WAN interface.

    I think I'll not opt for second option as I'll be using captive portal for LAN A users and later I am planning to introduce Traffic Shaping to prioritize VOIP.

    Thanks
    Ashima

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy