as an absolute newbie to PfSense (so far I'm used to Shorewall) I'm trying to make an inbound rule to access a testcomputer behid the new firewall.
from the book about 1.2.3 I did understand I had to do something like this:
If Proto Src. addr Src. ports Dest. addr Dest. ports NAT IP NAT Ports Description
WAN TCP * * xxx.xxx.150.111 3389 (MS RDP) 10.1.0.52 3389 (MS RDP)
the destination address is a Virtual Ip to map the traffic from the subnet 10.1.0.52 to. but both Wan address nor VIP will establish the connection. Were do I go wrong? Anyone, hopefully?
We use a dedicated PfSense 2.0.1 box. there are on the subject some differences between the 1.2.3 book and reality.
regards from Amsterdam
SMuD last edited by
I get to my desktop through RDP through the firewall using the following Firewall: NAT: Port Forward:
IF Proto Src. addr Src. ports Dest. addr Dest. ports NAT IP NAT Ports
WAN TCP * * WAN Address 3389 (MS RDP) 10.5.5.201 *
Create the port forward in 2.01 and it will create the Firewall Rule for you.
podilarius last edited by
You have to create the port forward before you can get access. That is unless you are running a routed solution. It looks like you have that. By default, it should create and allow rule in the WAN as well. If you don't have the FW rule, create it and retest. The other part is that Windows RDP in Windows 7 and 8 only allow local subnets access to RDP. You have to allow that traffic trough the Widnows firewall also.
Hi, Thanks for your reactions.
the rule I displayed is the Port forwarder. the complementary rule in the Wan IF has been created and seems ok.
the subnet/interface in this case uses for outbound traffic a Virtual IP. so how to handle inbound traffic to that VIP and the subnet.
I tried rdp connections both from win7 and winXP from an outside IP. but both didn't work out. I do not understand were I did go wrong. I hope you can tell me.
a teamviewer connection is no problem at all.
Hi, I already found out what to do and what went wrong.
in PF 2.0.1 you need to add NAT reflection to the port forward.