Netgate Discussion Forum

    Redirect to specific host according to port

      ink_theory

      Good morning pfSense community,

      It's my first post here. I'm a pfSense novice, so sorry, I couldn't find a post that matches what I was looking for. Maybe I was searching with the wrong terms in the Search field.

      I did install pfSense and my virtual machines are successfully passing through it to have internet access. The portal works perfectly and I could also create rules to test on my lab environment.

      What I'm trying to achieve is:

      • Whenever someone outside my network wants to access my machines via RDP, they must specify the hostname and port. Ex: SERVER01:3389
      • If a different port is specified, it goes to the respective host. Ex: SERVER01:3390 points to SERVER02:3389

      How do I achieve this? Via DNS Resolver? I tried HAProxy, but couldn't accomplish it.

      Thank you very much!

        NogBadTheBad

        NAT / port forwarding is your answer.

        https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

        You would need to port forward port X to SERVER01:3389, port Y to SERVER02:3389

        In their RDP connection they'd need to put your WAN-IP:X or Y in the computer logon details.

        NAT makes the decision on dst IP and port, hence two different ports hitting the WAN interface.

        TBH you'd be better setting up a VPN server on your WAN router, so they could connect via VPN then just connect to the server.

        https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

          ink_theory

          Hi NogBadTheBad,

          Thanks for the answer, I could accomplish this RDP solution for both servers using different ports and it went smoothly.
          Both servers do deliver a website using ports 80 and 443 but only one of them is serving.

          What I did try:

          • A new forwarding port rule from 5443 to 5443 that uses https to serve the site from SERVER01.
          • A new forwarding port rule from 443 to 443 that uses https to serve the site from SERVER02.

          Each one has their own specific rule to forward the same way I did to RDP tests. But only SERVER02 works properly.
          Is there something else I must do?

          Thanks!

            Stewart

            Try creating a NAT that states
            From anywhere (really you should limit this if you can and not leave it open to the world)
            From any port
            Destined for your WAN IP
            Destined at the port you want people to use (i.e. 5443)
            Redirect Target IP is the IP of the internal server
            Redirect Target port is the port to access on the internal server.

            If you leave the ports as default on your servers inside the network and just let NAT do the translation, things are easier.
            Make sure to access similar to https://wan.ip.addr:5443 from outside the network. Inside the network it would be https://lan.ip.addr

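As an added illustration (not part of any post in this thread, and not pfSense code), the port-forward decision described in the replies above can be modelled and audited in Python. The addresses, the listening-port inventory and the first-match evaluation order are assumptions made for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Forward:
    src: str          # permitted source network; "0.0.0.0/0" means anywhere
    wan_port: int     # destination port on the WAN address
    target_ip: str    # redirect target IP (internal server)
    target_port: int  # redirect target port on that server

WAN_IP = "203.0.113.10"  # constructed (documentation range)
# Constructed inventory of ports each internal server listens on.
LISTENING = {"192.168.1.11": {443, 3389}, "192.168.1.12": {443, 3389}}
RULES = [  # constructed sample forwards, evaluated top to bottom (assumed)
    Forward("198.51.100.0/24", 3389, "192.168.1.11", 3389),
    Forward("0.0.0.0/0", 3390, "192.168.1.12", 3389),
    Forward("0.0.0.0/0", 443, "192.168.1.12", 443),
    Forward("0.0.0.0/0", 5443, "192.168.1.11", 5443),
]

def translate(rules, src_ip, dst_ip, dst_port):
    """Return (target_ip, target_port) for the first matching forward, or None."""
    for r in rules:
        if (dst_ip == WAN_IP and dst_port == r.wan_port
                and ip_address(src_ip) in ip_network(r.src)):
            return r.target_ip, r.target_port
    return None

def audit(rules, listening):
    """Return findings for open sources, dead targets and shadowed rules."""
    findings = []
    for i, r in enumerate(rules):
        if ip_network(r.src).prefixlen == 0:
            findings.append(f"wan:{r.wan_port} is open to any source")
        if r.target_port not in listening.get(r.target_ip, set()):
            findings.append(f"wan:{r.wan_port} redirects to "
                            f"{r.target_ip}:{r.target_port}, which is not listening")
        for earlier in rules[:i]:
            if (earlier.wan_port == r.wan_port
                    and ip_network(r.src).subnet_of(ip_network(earlier.src))):
                findings.append(f"wan:{r.wan_port} is shadowed by an earlier rule")
    return findings

if __name__ == "__main__":
    for line in audit(RULES, LISTENING):
        print(line)
```

Restricting `src` on a forward and pointing `target_port` at the server's default port clears the findings for that rule.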
              ink_theory

              Thank you very much Stewart! This topic is now solved! :)

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.