Limit access to specific IP based on Credentials
I have a situation where I want to restrict a users ability to RDP into specific IP addresses. I need to do this prior to operating system authentication. Is there a way to do this from within pfSense. Thanks for the help.
where is the user, where is the rdp box he is wanting to rdp too?
The user is on the WAN side of the Firewall and the box being accessed is on the LAN side of the Firewall. Due to complications in the system I create virtual IP in the Firewall and then NAT.
Huh? Wan side you mean internet... or is your wan an internal network.?
Just create a firewall to only allow his IP to get to this machine behind pfsense he wants to rdp too..
For that matter make him VPN to pfsense to get to the RDP, etc.. Why is the login to the rdp box not good enough security if he is on your own network?
The WAN side is an Intranet. Unfortunately I need to have multiple IP addresses that can be accessed. One "set" needs to be accessed by one person and a different set of IP addresses need to be accessed by other people.
You can group your RDP Servers into an Alias to reduce/simplify your Firewall Rules: https://www.netgate.com/docs/pfsense/firewall/aliases.html
If your "wan" is only an intranet - may I ask why your natting? Normally doesn't make a lot of sense to nat rfc1918 to rfc1918 unless you have a overlap in space.. Which its always better to fix the overlap by using different space, etc.