• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Limit access to specific IP based on Credentials

Scheduled Pinned Locked Moved Off-Topic & Non-Support Discussion
7 Posts 3 Posters 1.5k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • R
    robert.herrmann
    last edited by Jan 7, 2019, 9:03 PM

    Hello Everyone,

    I have a situation where I want to restrict a users ability to RDP into specific IP addresses. I need to do this prior to operating system authentication. Is there a way to do this from within pfSense. Thanks for the help.

    Rob

    1 Reply Last reply Reply Quote 0
    • J
      johnpoz LAYER 8 Global Moderator
      last edited by Jan 7, 2019, 9:04 PM

      where is the user, where is the rdp box he is wanting to rdp too?

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      1 Reply Last reply Reply Quote 0
      • R
        robert.herrmann
        last edited by Jan 7, 2019, 9:07 PM

        The user is on the WAN side of the Firewall and the box being accessed is on the LAN side of the Firewall. Due to complications in the system I create virtual IP in the Firewall and then NAT.

        1 Reply Last reply Reply Quote 0
        • J
          johnpoz LAYER 8 Global Moderator
          last edited by johnpoz Jan 7, 2019, 9:13 PM Jan 7, 2019, 9:12 PM

          Huh? Wan side you mean internet... or is your wan an internal network.?

          Just create a firewall to only allow his IP to get to this machine behind pfsense he wants to rdp too..

          For that matter make him VPN to pfsense to get to the RDP, etc.. Why is the login to the rdp box not good enough security if he is on your own network?

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          1 Reply Last reply Reply Quote 0
          • R
            robert.herrmann
            last edited by Jan 8, 2019, 1:16 PM

            The WAN side is an Intranet. Unfortunately I need to have multiple IP addresses that can be accessed. One "set" needs to be accessed by one person and a different set of IP addresses need to be accessed by other people.

            1 Reply Last reply Reply Quote 0
            • R
              Rico LAYER 8 Rebel Alliance
              last edited by Jan 8, 2019, 1:22 PM

              You can group your RDP Servers into an Alias to reduce/simplify your Firewall Rules: https://www.netgate.com/docs/pfsense/firewall/aliases.html

              -Rico

              1 Reply Last reply Reply Quote 0
              • J
                johnpoz LAYER 8 Global Moderator
                last edited by Jan 8, 2019, 1:24 PM

                If your "wan" is only an intranet - may I ask why your natting? Normally doesn't make a lot of sense to nat rfc1918 to rfc1918 unless you have a overlap in space.. Which its always better to fix the overlap by using different space, etc.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                1 Reply Last reply Reply Quote 0
                7 out of 7
                • First post
                  7/7
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                  This community forum collects and processes your personal information.
                  consent.not_received