Netgate Discussion Forum

    Port Forwarding to Multiple Servers

    Routing and Multi WAN
    8 Posts 2 Posters 6.9k Views
    • ashima LAYER 8

      Hello everyone,

      Here is my network diagram. Please refer to the attachment.

      I have two pfSense boxes, one acting as Load Balancer (Box A) and another as Proxy and VPN server (Box B). I would like users connecting from WAN IP x.x.x.x (WAN A) to RDP to the Win Server connected to LAN A and users connecting from WAN IP y.y.y.y (WAN B) to RDP to the Win Server connected to LAN B.

      How do I go about this?

      With regards,
      Ashima

      1311_.jpg

      • Derelict LAYER 8 Netgate

        Put a port forward on WAN A to LAN A server and a port forward on WAN B to WAN B Server.

        Unless you have your Proxy/VPN server doing NAT (which would be silly), in which case you would need to port forward there too.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          • ashima LAYER 8

          Thanks Derelict for the quick reply. But I am still confused.

          Please refer to the network diagram in the attachment. WAN A and WAN B are connected to pfSense Box A, whereas LAN A and LAN B are connected to pfSense Box B.

          So in Box A any RDP from WAN A or WAN B is port forwarded to Box B.

          I am sorry if I am sounding dumb... but how will Box B distinguish packets coming from WAN A or WAN B? Box B sees Box A as its WAN connection.

          regards,
          Ashima

            • ashima LAYER 8

            Hi Derelict,

            After rereading your solution, I realised that my 2nd box (Box B Proxy/VPN server) is indeed NATting, so how should I go about it? Can I bridge the LAN of Box A to the WAN of Box B? How do we go about it in pfSense?

            Thank you
            Ashima

              • Derelict LAYER 8 Netgate

              I would just disable NAT there. Firewall > NAT, Outbound.

              Either turn it off at the top or set to manual and disable or delete the rules.

              https://doc.pfsense.org/index.php/Outbound_NAT

                • ashima LAYER 8

                Got it. I would disable NAT on the 2nd pfSense box (Box B).

                Do I also have to enable a firewall rule to allow all packets to pass through the WAN interface of Box B? Can you please help with that?

                regards,
                Ashima

                  • Derelict LAYER 8 Netgate

                  Yeah. You can probably just get away with a pass any any rule there like the default rule on WAN LAN. It's an inside router.

                  You can also just turn on routing-only (disables pf entirely) System > Advanced, Firewall & NAT Disable firewall. In that mode you lose everything: shaping, NAT, etc.

                    • ashima LAYER 8

                    Thanks Derelict for the response. Yes, I think I'll go with the first option. I'll enable a pass any rule on the WAN interface.

                    I think I'll not opt for the second option as I'll be using captive portal for LAN A users and later I am planning to introduce Traffic Shaping to prioritize VoIP.

                    Thanks
                    Ashima
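
The setup the thread arrives at, sketched as the pf rules it corresponds to on each box. This is an added illustration, not configuration posted by either participant or generated by pfSense; interface names, gateways and all addresses are constructed placeholders, and in pfSense the same settings are entered under Firewall > NAT and Firewall > Rules.

```conf
# ---------- Box A (edge, two WANs) : constructed example ----------
a_wan_a_if = "em0"            # assumed interface for WAN A (x.x.x.x)
a_wan_b_if = "em1"            # assumed interface for WAN B (y.y.y.y)
a_gw_a     = "198.51.100.1"   # assumed upstream gateway on WAN A
a_gw_b     = "203.0.113.1"    # assumed upstream gateway on WAN B
srv_lan_a  = "10.10.1.10"     # assumed Win Server on LAN A
srv_lan_b  = "10.10.2.10"     # assumed Win Server on LAN B

# One port forward per WAN, each pointing at a different inside server.
# No source address or port is set on either forward.
rdr on $a_wan_a_if inet proto tcp from any to ($a_wan_a_if) port 3389 -> $srv_lan_a
rdr on $a_wan_b_if inet proto tcp from any to ($a_wan_b_if) port 3389 -> $srv_lan_b

# Filter rules match the translated destination. reply-to sends the
# replies back out the WAN the connection arrived on.
pass in quick on $a_wan_a_if reply-to ( $a_wan_a_if $a_gw_a ) inet proto tcp \
    from any to $srv_lan_a port 3389 flags S/SA keep state
pass in quick on $a_wan_b_if reply-to ( $a_wan_b_if $a_gw_b ) inet proto tcp \
    from any to $srv_lan_b port 3389 flags S/SA keep state

# Box A also needs static routes for the LAN A and LAN B subnets via
# Box B's WAN address, because Box B no longer hides them behind NAT.

# ---------- Box B (inside router, outbound NAT disabled) ----------
b_wan_if = "em0"              # assumed interface facing Box A

# No nat or rdr rules here: Box B routes, so the destination address
# chosen by Box A's port forward already identifies the server.

# The pass-any rule discussed in the thread:
pass in quick on $b_wan_if inet all keep state

# Narrower alternative if only the forwarded RDP needs to cross Box B:
# pass in quick on $b_wan_if inet proto tcp from any \
#     to { $srv_lan_a $srv_lan_b } port 3389 flags S/SA keep state
```

Box B never has to work out which WAN a connection came from: Box A makes that decision when it rewrites the destination, and Box B only routes to the address it is given.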
