Netgate Discussion Forum

Unable to perform port forward from WAN to LAN VM (pfsense and windows vm running in Hyper-V)

    shashank.brdj
    last edited by Dec 2, 2022, 10:02 AM

    Greetings Community,

    I have been working on creating a port forward in pfSense to forward requests from the WAN address to a LAN VM, and I am unable to get it to work.
    Note: Both pfSense and the Windows machine (with RDP enabled) are virtualized using Hyper-V.
    I'm using a Windows 10 Pro machine as a host to run these Hyper-V VMs.
    The main host has only 1 physical NIC.
    So for the pfSense, I have created 2 virtual switches in Hyper-V switch manager.
    Here are the details.
    WAN - Which has been configured with Public IP and gateway of ISP. (which is the physical NIC)
    LAN - created for providing IPs to VMs.
    Note: Both WAN and LAN are virtualized switches.

    In pfSense, everything works fine, all LAN and WAN rules are properly configured.
    I am able to ping WAN to LAN and vice versa. I can access the internet from the LAN VMs as well.

    Issue:
    I am trying to forward requests from the Public IP (WAN Interface) to a particular LAN VM.
    So, when someone tries to RDP to the 14.x.x.x public IP, it should be automatically port forwarded to my LAN VM running 192.x.x.x as its IP.

    But the RDP fails. I have attached the screenshots of the same.
    Any help would be highly appreciated.
    Thanks!

    [Screenshots: dashboard, port forward]

      viragomann @shashank.brdj
      last edited by viragomann Dec 2, 2022, 11:51 AM Dec 2, 2022, 11:45 AM

      @shashank-brdj
      Remove the gateway from the LAN interface settings.

      Also change the protocol in the RDP port forwarding to TCP/UDP.
      However, it's not a good idea to expose the RDP port to the outside bad world at all.
      You should instead create a VPN instance and direct RDP over it.

        shashank.brdj @viragomann
        last edited by Dec 6, 2022, 11:17 AM

        @viragomann Thank you for reaching out,
        I have removed the gateway from LAN, and also set the protocol to TCP/UDP in NAT rules.
        I am still facing the same issue.
        When I run a port test from LAN to 14.x.x.x:3389, I get a success.
        But when I run the same port test from the WAN interface to the same public IP, I get a connection failed.

        Also, in the interfaces, the LAN has not been given any gateway.
        Any suggestions?
        Thanks

          viragomann @shashank.brdj
          last edited by Dec 6, 2022, 11:47 AM

          @shashank-brdj
          I suspect that Windows is blocking outside access. This is the default behavior in Windows.
          You might have to allow it in its firewall or disable it.

            shashank.brdj @viragomann
            last edited by Dec 11, 2022, 6:38 AM

            @viragomann Sorry for the delayed response.
            I sorted the issue, but I digress.
            I was trying to access the WAN1 address and was checking if port forward was working from a network which by default was given to another physical firewall which blocks access.
            I tried testing the WAN1 port forward using another outside network, and it works fine.
            I should have troubleshot this quite early. But hey, I'm glad it's sorted.
            Thanks for helping out, everything you told me is accurate and helped me figure this issue out.

            Now I have allowed VLAN access from WAN2 (physical firewall) to WAN1 (virtual firewall) and I am able to access port forward from LAN of WAN2.

            Cheers!
