Netgate Discussion Forum

    RDP to secondary LAN

    Firewalling
    • F022YF
      F022Y
      last edited by F022Y

      Hello all,

      Got a head-scratcher (probably just from going cross-eyed staring at rules).

      I have a box with 1 WAN NIC to an FTTP connection, 1 LAN NIC with DHCP (192.168.4.x) and a 2nd LAN NIC that I've added after the fact for a separate network with a single PC on it (192.168.28.x).

      At first I had network issues, then realised I needed to add some default allow rules as they don't get added, and I've created rules to stop LAN1 talking to LAN2 and vice versa. From there I then tested that I could ping good old Google DNS from that LAN using the diagnostics, all good.

      My issue is I want to be able to RDP to the solo box on 3389 from a specific IP or DyDNS entry. I have created an alias group for these addresses, but then I'm not sure how to create the NAT/firewall rule to go to the correct LAN. On another box I have set up RDP no problem, but this is bugging me, so any advice gratefully received.

      Currently the rule looks like this:-

      Int WAN > Pro TCP > SRC add aliasIPs > SRC Port * > Dest add WAN address > Dest Port 3389 > NAT IP 192.168.28.2 > NAT Port 3389

      • RicoR
        Rico LAYER 8 Rebel Alliance
        last edited by

        Your best option is to run a VPN and use the RDP connection on top of that.

        -Rico

        • F022YF
          F022Y @Rico
          last edited by

          @rico Thank you for the quick reply.

          I'm still learning pfSense, so as much as that would solve the RDP issue it may not be suitable for other things. Originally I had 2 connections, one FTTP and a 4G to 2 routers, which I binned off for the single box solution for my live/test environment due to 4G drop-outs where I live.

          The second LAN is just where I test things (web hosting, SFTP etc.). While I learn and understand how pfSense rules work, I want to test NATing things like 443 and 80 for web hosting.

          Again, sorry if I'm being really stupid about how I'm going about this. Much more in depth than the Netgear I had.

          • RicoR
            Rico LAYER 8 Rebel Alliance
            last edited by

            Did you check and follow https://docs.netgate.com/pfsense/en/latest/nat/port-forwards.html ?

            -Rico

            • F022YF
              F022Y @Rico
              last edited by

              @rico said in RDP to secondary LAN:

              https://docs.netgate.com/pfsense/en/latest/nat/port-forwards.html

              I did use that, but my confusion came from the fact that it refers to a 1 WAN, 1 LAN setup, so I was unsure if I needed to do anything different when it comes to 2 LANs.

              • S
                SteveITS Galactic Empire @F022Y
                last edited by

                @f022y pfSense should just figure out where the destination is.

                However, are you trying to connect from the Internet, or from LAN1? If from "inside" you may need reflection.

                Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                Upvote 👍 helpful posts!

                • V
                  viragomann @F022Y
                  last edited by

                  @f022y said in RDP to secondary LAN:

                  Currently the rule looks like this:-
                  Int WAN > Pro TCP > SRC add aliasIPs > SRC Port * > Dest add WAN address > Dest Port 3389 > NAT IP 192.168.28.2 > NAT Port 3389

                  The rule looks good. Should work.
                  Did you also set a "Filter rule association"?

                  • F022YF
                    F022Y
                    last edited by

                    Sorry been away so not been back.

                    I decided to try it and restricted it to the IP I got from my mobile phone provider, and it worked a charm. I guess that pfSense doesn't care about the inbound interface (by this I mean the NIC being presented internally), as pointed out by SteveITS.

                    1 Reply Last reply Reply Quote 0
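
Added example, not part of the thread and not the ruleset pfSense itself generates: roughly what the working setup amounts to in the syntax of pf, the FreeBSD packet filter pfSense is built on. The alias name, port 3389 and 192.168.28.2 come from the posts; the interface names, the /24 masks and the single alias entry are assumptions made for illustration.

```pf
# Added illustration in pf.conf syntax; not copied from a pfSense box.
# Assumed: interface names and /24 masks. Constructed: the alias entry.
wan_if   = "em0"                # WAN (FTTP)
lan1_if  = "em1"                # LAN1, DHCP
lan2_if  = "em2"                # LAN2, the single test PC
lan1_net = "192.168.4.0/24"
lan2_net = "192.168.28.0/24"
rdp_host = "192.168.28.2"

# The alias of permitted remote sources is loaded as a table.
table <aliasIPs> persist { 198.51.100.25 }

# Port forward: only packets from the alias that hit the WAN address on
# 3389 are rewritten. No LAN interface is named here; once the
# destination is 192.168.28.2, the routing table sends it out LAN2.
rdr on $wan_if inet proto tcp from <aliasIPs> to ($wan_if) port 3389 -> $rdp_host port 3389

# Default deny for everything arriving on WAN.
block in log on $wan_if all

# The rule that "Filter rule association" creates alongside the forward.
# Translation happens before filtering, so it matches the internal
# address, and it is evaluated on WAN because that is where the packet
# enters. Keeping "from <aliasIPs>" here, rather than "from any", is what
# keeps 3389 closed to the rest of the Internet.
pass in quick on $wan_if inet proto tcp from <aliasIPs> to $rdp_host port 3389 flags S/SA keep state

# LAN1/LAN2 isolation as described in the first post. These do not
# affect the forward: replies from the RDP host belong to the state
# created on WAN and are not re-evaluated against the LAN2 rules.
block in quick on $lan1_if inet from $lan1_net to $lan2_net
block in quick on $lan2_if inet from $lan2_net to $lan1_net
pass in on $lan1_if inet from $lan1_net to any keep state
pass in on $lan2_if inet from $lan2_net to any keep state
```

On the firewall itself, `pfctl -sn` lists the loaded translation rules and `pfctl -sr` the filter rules, which is the quickest way to confirm the source restriction made it into both.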