Problems forwarding TCP 3389 to multiple virtual IP's



  • I have a /29 from my isp and entered in all the vip's as proxy arp as single addresses.

    I have two servers that are running remote desktop:

    192.168.1.1 tcp 3389 >>>> 234.148.x.42      pfSense ip

    192.168.1.20 tcp 3389 >>>> 234.148.x.45    VIP

    When I setup nat for them (one tied to the pfsense ip, another tied to a vip), pfSense automatically sets up the firewall rules. It creates a separate rule for each one to open TCP 3389 from any source. The issue is, whichever rules appears first, that is the only server that works. If I change the rule to allow 3389 to the entire lan subnet, both external ip's work as expected and forward to the correct server.

    I don't feel I should have to open the entire lan subnet for this to work. I also understand that first matched rule wins. I did check the firewall log and saw nothing about blocked connections.

    Is there something I could be doing differently?


  • Rebel Alliance Developer Netgate

    Post screenshots of exactly how your NAT and firewall rules look. Without that, it's hard to even speculate what might be going wrong.


Log in to reply