Restrict RDP inbound to a specific set of source addresses



  • I am trying to increase access, and tighten up my remote access. I have set up my pfSense to accept an incoming (RDP) connection on a specific (non-default) port, translate it to the default RDP port and direct it to the appropriate internal system. It works fine now, and provided I specify the right port in my RDP client, I can remote desktop to any of the boxes I require.

    I would like to tighten up the ip address range that I allow as the source as a security improvement, restricting where the connection can be established from.  Is this as simple as adjusting the rule that I created to allow/perform the redirection?

    Also, I would like to remotely admin the pfSense from the same source IP, if this can be done securely without the pain of VPN.



  • Create a remote admin alias, put your authorized IPs in there, and change the source in your firewall or port forward entries to that alias. Detailed in http://pfsense.org/book
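
To check that the alias change in the reply above actually took effect on every RDP forward, the following added example (not code from the thread or from the pfSense project) parses a configuration backup and reports which port forwards are restricted to the alias and which still accept any source. The element names are an assumed config.xml layout, and the alias name `RemoteAdmin`, ports and addresses are constructed sample values; aliases are assumed to hold only IPs or CIDR ranges.

```python
import ipaddress
import xml.etree.ElementTree as ET
# Constructed sample in the assumed layout of a pfSense config.xml backup.
# Addresses are documentation ranges; ports and the alias name are made up.
SAMPLE_CONFIG = """
<pfsense>
  <aliases><alias>
    <name>RemoteAdmin</name>
    <address>203.0.113.10 198.51.100.0/28</address>
  </alias></aliases>
  <nat>
    <rule>
      <source><address>RemoteAdmin</address></source>
      <destination><network>wanip</network><port>33891</port></destination>
      <target>192.168.1.20</target><local-port>3389</local-port>
    </rule>
    <rule>
      <source><any/></source>
      <destination><network>wanip</network><port>33892</port></destination>
      <target>192.168.1.21</target><local-port>3389</local-port>
    </rule>
  </nat>
</pfsense>
"""

def load_aliases(root):
    """Map alias name -> list of ip_network objects (single hosts become /32)."""
    return {a.findtext("name"): [ipaddress.ip_network(e, strict=False)
                                 for e in (a.findtext("address") or "").split()]
            for a in root.iterfind("aliases/alias")}

def audit_port_forwards(xml_text):
    """Return one dict per port forward with its resolved source networks."""
    root = ET.fromstring(xml_text)
    aliases, report = load_aliases(root), []
    for rule in root.iterfind("nat/rule"):
        src = rule.find("source")
        name = src.findtext("address") if src is not None else None
        open_to_any = src is None or src.find("any") is not None
        # A source address is either an alias name or a literal IP/CIDR.
        nets = [] if open_to_any or not name else (
            aliases.get(name) or [ipaddress.ip_network(name, strict=False)])
        report.append({"wan_port": rule.findtext("destination/port"),
                       "target": rule.findtext("target"),
                       "open_to_any": open_to_any, "allowed": nets})
    return report

def source_permitted(entry, client_ip):
    """True if client_ip would match the forward's source restriction."""
    ip = ipaddress.ip_address(client_ip)
    return entry["open_to_any"] or any(ip in net for net in entry["allowed"])
```

Any entry with `open_to_any` set is a forward whose source was never changed to the alias.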



  • I never thought to use an alias to simplify the entry, thanks for the suggestion.  I will give it a shot!

