Port Forwarding to Multiple Servers

  Hello everyone,

    Here is my network diagram. Please refer to the attachment.

    I have two pfSense boxes, one acting as Load Balancer (Box A) and another as Proxy and VPN server (Box B). I would like users connecting from WAN IP x.x.x.x (WAN A) to RDP to the Win Server connected to LAN A and users connecting from WAN IP y.y.y.y (WAN B) to RDP to the Win Server connected to LAN B.

    How do I go about this?

    With regards,

  

    Put a port forward on WAN A to LAN A server and a port forward on WAN B to WAN B Server.

    Unless you have your Proxy/VPN server doing NAT (which would be silly), in which case you would need to port forward there too.

  • Thanks Derelict for the quick reply. But I am still confused.

    Please refer to the network diagram in the attachment. WAN A and WAN B are connected to pfSense box A, whereas LAN A and LAN B are connected to pfSense box B.

    So in Box A any RDP from WAN A or WAN B is port forwarded to Box B.

    I am sorry if I am sounding dumb... but how will Box B distinguish packets coming from WAN A or WAN B... Box B sees Box A as its WAN connection...


  Hi Derelict,

    After re-reading your solution... I realised that my 2nd box (Box B Proxy/VPN server) is indeed NATting... so how should I go about it? Can I bridge the LAN of Box A to the WAN of Box B? How do we go about it in pfSense?

    Thank you

  

    I would just disable NAT there. Firewall > NAT, Outbound.

    Either turn it off at the top or set to manual and disable or delete the rules.


  • Got it. I would disable NATting in the 2nd pfSense box (Box B).

    Do I also have to enable the firewall rule to allow all packets to pass through the WAN interface of Box B? Can you please help with that?


  

    Yeah. You can probably just get away with a pass any any rule there like the default rule on WAN LAN. It's an inside router.

    You can also just turn on routing-only (disables pf entirely) System > Advanced, Firewall & NAT Disable firewall. In that mode you lose everything: shaping, NAT, etc.

  • Thanks Derelict for the response. Yes, I think I'll go with the first option. I'll enable the pass any rule in the WAN interface.

    I think I'll not opt for the second option as I'll be using captive portal for LAN A users and later I am planning to introduce Traffic Shaping to prioritize VOIP.


