Inbound rule

  • Hello,

    as an absolute newbie to PfSense (so far I'm used to Shorewall) I'm trying to make an inbound rule to access a testcomputer behid the new firewall.

    from the book about 1.2.3 I did understand I had to do something like this:
    If Proto Src. addr Src. ports Dest. addr         Dest. ports  NAT IP NAT Ports       Description

    WAN TCP         *         * 3389 (MS RDP) 3389 (MS RDP)

    the destination address is a Virtual Ip to map the traffic from the subnet to. but both Wan address nor VIP will establish the connection. Were do I go wrong? Anyone, hopefully?

    We use a dedicated PfSense 2.0.1 box. there are on the subject some differences between the 1.2.3 book and reality.

    regards from Amsterdam

  • I get to my desktop through RDP through the firewall using the following Firewall: NAT: Port Forward:

    IF          Proto          Src. addr          Src. ports          Dest. addr          Dest. ports          NAT IP        NAT Ports

    WAN      TCP            *                      *                      WAN Address      3389 (MS RDP)    *

    Create the port forward in 2.01 and it will create the Firewall Rule for you.

  • You have to create the port forward before you can get access. That is unless you are running a routed solution. It looks like you have that. By default, it should create and allow rule in the WAN as well. If you don't have the FW rule, create it and retest. The other part is that Windows RDP in Windows 7 and 8 only allow local subnets access to RDP. You have to allow that traffic trough the Widnows firewall also.

  • Hi, Thanks for your reactions.
    the rule I displayed is the Port forwarder. the complementary rule in the Wan IF has been created and seems ok.
    the subnet/interface in this case uses for outbound traffic a Virtual IP. so how to handle inbound traffic to that VIP and the subnet.
    I tried rdp connections both from win7 and winXP from an outside IP. but both didn't work out. I do not understand were I did go wrong. I hope you can tell me.
    a teamviewer connection is no problem at all.

    regards, Fons

  • Hi, I already found out what to do and what went wrong.
    in PF 2.0.1 you need to add NAT reflection to the port forward.

    thanks anyway

Log in to reply