Restrict RDP inbound to a specific set of source addresses
I am trying to increase access, and tighten up my remote access. I have set up my pfSense to accept an incoming (RDP) connection on a specific (non-default) port, translate it to the default RDP port and direct it to the appropriate internal system. It works fine now, and provided I specify the right port in my RDP client, I can remote desktop to any of the boxes I require.
I would like to tighten up the IP address range that I allow as the source as a security improvement, restricting where the connection can be established from. Is this as simple as adjusting the rule that I created to allow/perform the redirection?
Also, I would like to remotely admin the pfSense from the same source IP, if this can be done securely without the pain of VPN.
Create a remote admin alias, put your authorized IPs in there, and change the source in your firewall or port forward entries to that alias. Detailed in http://pfsense.org/book
I never thought to use an alias to simplify the entry, thanks for the suggestion. I will give it a shot!
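One way to check the result of the alias suggestion above, as an added example that is not from the thread or the pfSense project: a script that reads a configuration backup and lists every port forward to RDP whose source is still "any", undefined, or broader than intended. The XML layout of the constructed sample, the alias name `RemoteAdmin`, the function names and the `max_hosts` threshold are all assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample; the element layout is an assumption modelled on a
# pfSense config.xml backup. Alias entries are assumed to be IPs or CIDRs.
SAMPLE_CONFIG = """<pfsense>
  <aliases>
    <alias><name>RemoteAdmin</name><type>network</type>
      <address>203.0.113.10 198.51.100.0/29</address></alias>
  </aliases>
  <nat>
    <rule><source><any/></source>
      <destination><network>wanip</network><port>33890</port></destination>
      <target>192.168.1.20</target><local-port>3389</local-port></rule>
    <rule><source><address>RemoteAdmin</address></source>
      <destination><network>wanip</network><port>33891</port></destination>
      <target>192.168.1.21</target><local-port>3389</local-port></rule>
  </nat>
</pfsense>"""

def resolve(value, aliases):
    """Return the networks behind an alias name or a literal IP/CIDR, else None."""
    if value in aliases:
        return aliases[value]
    try:
        return [ipaddress.ip_network(value, strict=False)]
    except (ValueError, TypeError):
        return None

def audit_rdp_forwards(xml_text, max_hosts=256):
    """Return (wan_port, target, finding) for each loosely scoped forward to 3389."""
    root = ET.fromstring(xml_text)
    aliases = {a.findtext("name"): [ipaddress.ip_network(e, strict=False)
                                    for e in (a.findtext("address") or "").split()]
               for a in root.findall("./aliases/alias")}
    findings = []
    for rule in root.findall("./nat/rule"):
        if rule.findtext("local-port") != "3389":
            continue  # only forwards that land on the default RDP port
        port, target = rule.findtext("destination/port"), rule.findtext("target")
        name = rule.findtext("source/address")
        nets = resolve(name, aliases)
        if rule.find("source/any") is not None or rule.find("source") is None:
            findings.append((port, target, "source is any"))
        elif nets is None:
            findings.append((port, target, f"source {name!r} is not a known alias or address"))
        elif sum(n.num_addresses for n in nets) > max_hosts:
            findings.append((port, target, f"source {name!r} is broader than {max_hosts} addresses"))
    return findings

if __name__ == "__main__":
    for finding in audit_rdp_forwards(SAMPLE_CONFIG):
        print(finding)
```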