Port forwarding failed due to different GW configured

  • Hi

    Could you please advise if I will be able to achieve the following

    Port forwaring in Pfsense is used to allow RDP connection to a windows box. However the default gateway of the windows is not set to the PFsense LAN IP. Instead it is configured to use a LAN IP of a Linux on the same subnet.

    There are NAT rules set on the linux box and the action is return. Therefore Windows can access the Internet without any issue.

    It is understood that the port forwarding will not be functioning and I would like to know if there is any workaround either on the linux or pfsense itself

    Thank you in advance

  • LAYER 8 Global Moderator

    Why would you have it setup like that - why are you using linux as the gateway?  For what reason??

  • Well, long story in short, due to the censorship of the internet of my lovely country, I have to run shadowsocks redirection service as an additional gateway on a linux box to handle certain traffic.

    I can replace my home router to something which has shadowsocks built-in, however pfsense is still my first choice.

    Thanks and Regards RW

  • LAYER 8 Global Moderator

    Couple ways to solve your problem - but in general your setup is not optimal..

    You would need to host route on the box your trying to rdp too.  Problem is you need to know the source IP you would be coming from.  2nd option is to source nat the port forward so it looks like its coming from pfsense interface in the lan network.

    BTW port forwarding remote desktop, ie open from the internet is not a very good idea.  If you want to get to machine on your network while your remote - vpn in.  Then since your device is not using pfsense as a gateway set up a route on that host to point to pfsense to get to whatever your vpn network is when you set it up.

    Why don't you setup pfsense as your default gateway and route from your host to your linux box for specific traffic?

  • Hi johnpoz

    Thanks for your explanation. I just would like to connect from my working which has a static IP, therefore there are rules to control the RDP traffic.

    Your replies give me ideas which I missed in the first place. Thank you and a big thumb up. Could you please explain a bit more regarding the source NAT option, shall I do that on the PFsense box or anywhere else. Any related articles will be helpful

    Cheers and Regards RW

  • LAYER 8 Global Moderator

    Source nat would be done on pfsense.

Log in to reply