Netgate Discussion Forum

    Cannot get access from external network

    Problems Installing or Upgrading pfSense Software

      RouterScooter

      Hi all,

      Apologies for the (possibly) newb question, but I've been given the task of setting up 2 pfSense servers in CARP. Although I've never done this and have not been given any help with it, I've now got Internet access; however, I cannot seem to get anything INTO the network from the Internet (crucially RDP to our Terminal Servers).
      The client has a Draytek 2860, on which I've pointed the DMZ Zone local IP to the CARP WAN IP of the pfSense, but I can't see why I cannot get into the network?
      I have added firewall rules to Firewall - Rules - Floating, selecting the WAN interface and direction of IN, then protocol of TCP and destination port of 3389 MS RDP, and then set the internal LAN IP of the Terminal server on the Destination - Host or Single Address.
      I've also tried adding a port redirection in Firewall - NAT - Port Forward as well, but it still won't connect.
      Am I doing something wrong / missing something, or is this going to be an issue with the Draytek?
      Any help would be great, or if someone could just tell me exactly what entries I need and in which section, then at least I can discount it.
      Thanks

        Gertjan

        Hello,

        Start by wiping your firewall rules.
        No floating stuff. Nothing.
        Then, create a NAT rule, TCP (probably) from "any" to the internal LAN IP - ports 3389 (choose MS RDP) both sides.
        This will create at the same time a related firewall rule.
        Done.
        Works for me ™.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

          RouterScooter

          Yeah… tried that but it still won't work... Just to confirm, though: on the rule I have put in, the Interface is automatically set to WAN, which I've left; the destination is the LAN IP for the interface of the pfSense (not the internal server IP); and the redirect target IP is then the internal LAN IP of the server that is running RDP?

          Thanks

            DickB

            For "Destination" you have to select "WAN Address". This is the port where the outside connection arrives at your firewall.
            Then the "Redirect target ip" is the IP address of your server. That should make it work.

              Gertjan

              @DickB:

              For "Destination" you have to select "WAN Address". …..

              :o
              You're right. "WAN ADDRESS", not "any".
              See image.

              Btw : I use "1234" for the outside port (so I use mstsc myhost.here.tld:1234 to access my Windows 2012 server)

              wan.PNG

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

                Gertjan

                The auto-created firewall rule on the WAN interface:

                wan2.PNG

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??
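
The port-forward settings the thread converges on, as a check over a configuration backup. This is an added example, not code from any poster or from pfSense; the XML element names (`nat/rule`, `destination/network`, `wanip`, `lanip`, `associated-rule-id`) are an assumption about the `config.xml` layout, and the sample addresses and rule id are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from the thread. Element names follow the
# layout of a pfSense config.xml backup as assumed here; compare with your own.
SAMPLE = """
<pfsense>
  <nat>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <destination><network>lanip</network><port>3389</port></destination>
      <target>192.168.1.10</target>
      <local-port>3389</local-port>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <destination><network>wanip</network><port>1234</port></destination>
      <target>192.168.1.10</target>
      <local-port>3389</local-port>
      <associated-rule-id>nat_example_0001</associated-rule-id>
    </rule>
  </nat>
</pfsense>
"""

def audit_port_forwards(config_xml):
    """Return one (summary, problems) tuple per port forward in config_xml."""
    results = []
    for rule in ET.fromstring(config_xml).findall("./nat/rule"):
        dest = rule.find("destination")
        network = dest.findtext("network") or dest.findtext("address") or "any"
        summary = "%s %s:%s -> %s:%s" % (
            rule.findtext("interface"), network, dest.findtext("port"),
            rule.findtext("target"), rule.findtext("local-port"))
        problems = []
        if network != "wanip":  # the thread's fix: Destination = "WAN Address"
            problems.append("destination is %r, not WAN address" % network)
        if not rule.findtext("associated-rule-id"):  # rule the NAT entry creates
            problems.append("no associated firewall rule on the interface")
        results.append((summary, problems))
    return results

if __name__ == "__main__":
    for summary, problems in audit_port_forwards(SAMPLE):
        print(summary, "=>", "; ".join(problems) or "ok")
```

The first sample rule reproduces the setup from the second post (destination set to the firewall's LAN address); the second matches the corrected settings with outside port 1234 redirected to 3389.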
