How to RDP to a computer that is connected to 2nd DHCP in 2nd network

mst · Nov 17, 2009, 4:19 AM

Hello All,

I am new to PFSENSE and new to firewalls so take my appologies for something that is easy for YOU.

I have scenario:

LAN 192.168.5.0–- 192.168.5.119 WIFI router with DHCP 192.168.1.1 ----- 192.168.1.100 WIN2003 Server

From the network 192.168.5.0/24 I cannot access WIN Server uisng RDP 3389 port. How I can achieve this?

Another think how can I access WIN Server from WAN (outside) using RDP?

Take my appologies one more time if this is trivial for you.

MST

GruensFroeschli · Nov 17, 2009, 6:36 AM

Is the pfSense this WIFI router?
What interface is the 192.168.1.1/? ? The WAN? or an OPT?
Or is the WIFI router a different standalone device with the LAN of the pfSense connected to it's WAN?

Cry Havok · Nov 17, 2009, 12:35 PM

Forward 3389/TCP on the WiFi router to the Win2K3 server, having ensured that the Win2K3 server has a static IP address.
Forward 3389/TCP on the WAN router/firewall to 192.168.5.119 (the WiFi router)

mst · Nov 17, 2009, 2:19 PM

WIFI router is not PFSENSE WIFI. This is just Trendnet Router hooked to 192.168.5.0 network that has 192.168.5.119 IP. This device has it's own gateway
192.168.1.1 and it's own network 192.168.1.100-192.168.1.120

I know I should have added another NIC to PFSENSE and name it OPT1 - then it would even be place as DMZ or whatever just WIFI to be isolated from the rest of the natework.

mst · Nov 17, 2009, 2:21 PM

Thank You Cral Havok.

regarding 2) Forward 3389/TCP on the WAN router/firewall to 192.168.5.119 (the WiFi router) - yes I did that rule in firewall but I am not able to RDP that server from the LAN. I cannot ping 192.168.1.0 network from 192.168.5.0

Is there static route needs to be created ?

MST

Cry Havok · Nov 17, 2009, 2:49 PM

Try RDPing to 192.168.5.119 instead - if you've left the WiFi router doing NAT you won't be able to route to the 192.168.1.0/24 network.

mst · Nov 17, 2009, 5:08 PM

I can RDP that (192.168.1.100) server from 192.168.5.0 LAN; however I cannot RDP from outside WAN

MY NAT:

WAN TCP 3389 (MS RDP) 192.168.5.119 3389 (MS RDP)

WAN RULES:

TCP * * 192.168.5.119 3389 (MS RDP) *

And LAN rules:

* LAN net * * * *

Still not able to rdp from WAN.

Cry Havok · Nov 17, 2009, 5:26 PM

If you can RDP to the IP then it suggests that your WiFi router is only routing and not doing any NAT. You need to change your port forward and rules to reflect the IP accessible from the 192.168.5.0/24 LAN - 192.168.1.100.

mst · Nov 17, 2009, 6:25 PM

OK, lets forget about RDP throught WiFI router with enabled DHCP.

Simply I added port forwarding with Firewall rules to one of my desktops(yes I have enabled RDP in Windows XP prof. adding one user to RDP list) Now I can RDP from inside LAN but from WAN no. This was pretty easy on any devices like linskys, etc…. Why the simple think does not want to work with such amazing soft firewall like PFSENSE? I want to believe that I made some "user errors" not the soft. I will be fallowing another guide example from net.

I have to add I just simply copied rules from ENDIAN firewall that so far work pretty nice. I don't want to believe that I have to reboot PFSENSE in order to get it works after made any changes to rules. What I do wrong that simple RDP is not working?

MST

Cry Havok · Nov 17, 2009, 8:10 PM

Does the pfSense host know how to route to the 192.168.1.0/24 network? If not, how do you expect it to know how to forward packets…

mst · Nov 17, 2009, 8:31 PM

Should it looks like this:

![Static Route.JPG](/public/imported_attachments/1/Static Route.JPG)
![Static Route.JPG_thumb](/public/imported_attachments/1/Static Route.JPG_thumb)

Cry Havok · Nov 17, 2009, 8:38 PM

If 192.168.5.1 is the gateway to the 192.168.1.0/24 network then yes. However you've previously posted that 192.168.5.119 is the gateway.

mst · Nov 17, 2009, 8:52 PM

I am sorry - my bed. 192.168.1.119 is IP address of WiFI Router

WAN –--- 192.168.5.1 PFSENSE ----192.168.1.119 Wifi Router (DHCP) Gateway 192.168.1.1 ------- WINSERVER 192.168.1.110 (Static IP)

Should't I be able to ping 192.168.1.1 from network 192.168.5.0 ? after setting static route to 192.168.1.0/24 ?

Cry Havok · Nov 17, 2009, 10:03 PM

What IP addresses does the pfSense host have? What IP addresses does the WiFi router have? Please complete the following with the real IP addresses (if IP A is your real WAN IP then replace it with WAN):

WAN –-- IP A (pfSense) IP B ----- IP C (WiFi) IP D --- WinServer (192.168.1.110)

mst · Nov 18, 2009, 1:38 PM

WAN –-- 24.13.54.21 (pfSense) 192.168.5.1 ----- 192.168.5.119 (WiFi) 192.168.1.1 --- WinServer (192.168.1.110)

PFSENSE has GW 192.168.5.1 and it's DHCP 192.168.5.100-192.168.5.120

WiFI ROuter has GW 192.168.1.1 and its DHCP 192.168.1.100-192.168.1.120

WiFi is simply connected to 192.168.5.0 network

Cry Havok · Nov 18, 2009, 1:40 PM

Hopefully you're confused about those gateway addresses. The gateway address is the address of the device that connects to other networks.

For the pfSense host the gateway (default route) should be being set by DHCP. There should be a static route for 192.168.1.0/24 with a gateway of 192.168.5.119.

For the WiFi host the gateway should be 192.168.5.1.

mst · Nov 18, 2009, 1:48 PM

OK so that was user error I mean my …. :-\

I have been trying to experiment with static routes and after I added 192.168.5.1 to 192.168.1.1 and 192.168.5.1 to 192.168.5.119
my whole network went down and DHCP on WiFi router has been changed from 192.168.1.100-192.168.1.120 to 192.168.2.100-192.168.2.120

I am trying to figure it out why that happend.

Thank You for Your help. Every message make me closer to what I messed up.

MST