Problems forwarding TCP 3389 to multiple virtual IPs
-
I have a /29 from my ISP and entered in all the VIPs as proxy ARP as single addresses.
I have two servers that are running remote desktop:
192.168.1.1 TCP 3389 >>>> 234.148.x.42 pfSense IP
192.168.1.20 TCP 3389 >>>> 234.148.x.45 VIP
When I set up NAT for them (one tied to the pfSense IP, another tied to a VIP), pfSense automatically sets up the firewall rules. It creates a separate rule for each one to open TCP 3389 from any source. The issue is, whichever rule appears first, that is the only server that works. If I change the rule to allow 3389 to the entire LAN subnet, both external IPs work as expected and forward to the correct server.
I don't feel I should have to open the entire LAN subnet for this to work. I also understand that the first matched rule wins. I did check the firewall log and saw nothing about blocked connections.
Is there something I could be doing differently?
-
Post screenshots of exactly how your NAT and firewall rules look. Without that, it's hard to even speculate what might be going wrong.