Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Port Mapping with Multiple Assigned Source Ports

    NAT
    3
    6
    858
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      TSBrown
      last edited by

      Need help..
      I am about 48hrs into a new PFSense Router and am having a hard time getting a port forward application to work similar to a NETBSD device it replaced.  We have multiple employees who utilize Microsoft Remote Desktop to access their company computers from home.  Previous IT guys assigned each user a port like 3445 that would be NAT mapped to their computer's paddles and the standard port 3389 for MRD.
      I've exhausted my various combination of settings and have not found a similar example on the forum so far.  Any help greatly appreciated.  Screenshot enclosed of trial config.
      ![Screen Shot 2017-09-11 at 2.38.46 PM.png](/public/imported_attachments/1/Screen Shot 2017-09-11 at 2.38.46 PM.png)
      ![Screen Shot 2017-09-11 at 2.38.46 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2017-09-11 at 2.38.46 PM.png_thumb)

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        First off, your previous IT guys were morons ;)  If you want your employees to be able to RDP to devices on the work network they should VPN into your network.  This is going to be way more secure than opening up RDP to the public internet no matter if you change the port or not.

        But you can for sure do what your asking..

        You can forward whatever Port you want to some IP behind pfsense to 3389

        So you could for example
        3345 forward to 192.168.1.100 3389
        3346 forward to 192.168.1.101 3389
        3347 forward to 192.168.1.102 3389
        etc…

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        1 Reply Last reply Reply Quote 0
        • T
          TSBrown
          last edited by

          Thanks for responding and I agree VPN is the way to go and is my ultimate plan but I was trying to get functionality of the replaced router.  My problem is getting the proper settings in the NAT forwarding age to make this work.  I have tried various combinations but have been unable to have the ports properly mapped.  I guess it is source vs destination settings vs redirect settings.  Do I have to set source ports or are the assigned ports entered into the destination fields and then the user's work computer ip and port 3389 entered into the redirect fields.
          I'm using http://canyouseeme.org to test the mapping and have yet to be successful.

          Best,

          ….TB

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            I think your confusing what a source port is - would never come into play.. And you also would have to worry about the box running rdp firewall… Window machines out of the box would not allow rdp from a remote IP.. So you would have to modify their IP..  But here I will do a quick test and show you the screens..

            Create the forward, make sure firewall rule was created and not being blocked by some specific wan rule you created.

            Rules are evaluated top down, first rule to trigger wins.  No other rules are evaluated.

            You can see now when I check canyouseeme on the 3345 port it shows open..  You sure the ports your forwarding are allowed to your wan of pfsense?  Its not behind some other nat is it?  Check out the port forward troubleshooting doc

            https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

            portforwardto3389..png_thumb
            portforwardto3389..png

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            1 Reply Last reply Reply Quote 0
            • N
              nycfly
              last edited by

              Here's an example. External port 5202 is forwarded to 5201 on IP 192.168.69.15

              ![Screenshot 2017-09-12 17.30.36.png](/public/imported_attachments/1/Screenshot 2017-09-12 17.30.36.png)
              ![Screenshot 2017-09-12 17.30.36.png_thumb](/public/imported_attachments/1/Screenshot 2017-09-12 17.30.36.png_thumb)

              1 Reply Last reply Reply Quote 0
              • T
                TSBrown
                last edited by

                Thanks so much for the help.  Port forwarding is working now.  Next step getting my colleagues to us a VPN instead.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.