Forwarding RDP ports



  • I'm using pfSense (V2.0.3) with one WAN and two LANs to build a training environment at a small college. Each of the LANs is connected to a different classroom that will contain a separate MS Domain. My requirement is to allow students to use RDP and an assigned port number to connect to their assigned computer from home. I've been able to configure pfSense to forward the standard RDP port to a specific machine, but now I need to use a non-standard port and forward each one to a specific computer, something like port 8001.

    I've searched all over this forum and Google but have not found a specific example of how to set this up. I'm sure I'm just not doing something quite right in my rule(s). I would like the student to be able to enter an IP address with an assigned port number and have that forwarded to a specific computer and I would prefer not to have to make changes to the RDP port number on the client machine.

    I'm attaching a screen shot of the NAT rule that I created but it doesn't work. What am I doing wrong?

    (I'm also considering the use of VPN, but am still working on getting that to work too!)

    Thanks for any help.

    riversr54

    ![nat rule.png](/public/imported_attachments/1/nat rule.png)



  • @riversr54:

    I'm using pfSense (V2.0.3) with one WAN and two LANs to build a training environment at a small college. Each of the LANs is connected to a different classroom that will contain a separate MS Domain. My requirement is to allow students to use RDP and an assigned port number to connect to their assigned computer from home. I've been able to configure pfSense to forward the standard RDP port to a specific machine, but now I need to use a non-standard port and forward each one to a specific computer, something like port 8001.

    I've searched all over this forum and Google but have not found a specific example of how to set this up. I'm sure I'm just not doing something quite right in my rule(s). I would like the student to be able to enter an IP address with an assigned port number and have that forwarded to a specific computer and I would prefer not to have to make changes to the RDP port number on the client machine.

    I'm attaching a screen shot of the NAT rule that I created but it doesn't work. What am I doing wrong?

    (I'm also considering the use of VPN, but am still working on getting that to work too!)

    Thanks for any help.

    riversr54

    Hi,

    In general you did everything correctly, except that you defined a "Source Port". The source ports are nearly always random.
    Set this to "any" and it will work.

    But I would suggest that you really use a VPN solution, because RDP is not secure to use over the internet.

    There are probably many tutorials on the internet and the forum on how to set up OpenVPN with pfSense:
    http://www.youtube.com/watch?v=odjviG-KDq8



  • So…I guess that is where I'm confused. I need to tell it that the user will be specifying something like 123.456.789.123:8001 in the RDP client. The rule has to redirect that port (8001) to port 3389 on a specified IP address. Where do I specify port 8001 in this example?

    Regards,



  • Ok…I got it to work, I guess I was just a bit confused about the definition of "Destination" and "Source" in this context.

    Thanks for the help.

    And, I'll be working on VPN as time allows.



  • Nice to hear that!

    Source is the client's computer on the internet
    Destination is your pfSense WAN address
    Redirect address is the computer on your LAN
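
The source, destination and redirect roles listed above, as an added example that is not part of the original thread and is not pfSense code: a small Python model of how a port-forward rule matches an inbound connection, showing why a rule with a fixed source port never matches a client whose source port is random. The names (`PortForward`, `translate`, `lint`) and all addresses and port values are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

ANY = None  # stands for "any" in the rule editor

@dataclass(frozen=True)
class PortForward:
    src_port: Optional[int]    # client-side port; should be ANY
    dst_port: int              # port the student types after the WAN address
    redirect_ip: str           # assigned computer on the LAN
    redirect_port: int = 3389  # standard RDP port on that computer

    def matches(self, pkt_src_port: int, pkt_dst_port: int) -> bool:
        return (self.src_port in (ANY, pkt_src_port)
                and self.dst_port == pkt_dst_port)

def translate(rules, pkt_src_port, pkt_dst_port) -> Optional[Tuple[str, int]]:
    """Return (LAN ip, port) for the first matching rule, else None (no forward)."""
    for rule in rules:
        if rule.matches(pkt_src_port, pkt_dst_port):
            return (rule.redirect_ip, rule.redirect_port)
    return None

def lint(rules):
    """Flag rules that pin the source port or reuse an external port."""
    problems, seen = [], set()
    for rule in rules:
        if rule.src_port is not ANY:
            problems.append(f"dst {rule.dst_port}: source port should be any")
        if rule.dst_port in seen:
            problems.append(f"dst {rule.dst_port}: external port assigned twice")
        seen.add(rule.dst_port)
    return problems

# Constructed misconfiguration: a source port is filled in on the rule.
BROKEN = [PortForward(src_port=8001, dst_port=8001, redirect_ip="192.168.1.11")]
# Corrected: source port any, one external port per assigned computer.
FIXED = [PortForward(ANY, 8001, "192.168.1.11"),
         PortForward(ANY, 8002, "192.168.1.12")]
# The home RDP client picks an ephemeral source port (constructed value).
CLIENT_SRC_PORT = 51544

if __name__ == "__main__":
    print("broken:", translate(BROKEN, CLIENT_SRC_PORT, 8001))
    print("fixed: ", translate(FIXED, CLIENT_SRC_PORT, 8001))
    print("lint:  ", lint(BROKEN))
```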



  • @Nachtfalke:

    … RDP is not secure to use over the internet.

    Could you please provide a source for this?

    Thanks


  • Netgate Administrator

    It isn't (very well?) encrypted by default, though you can enable it easily enough:
    http://en.wikipedia.org/wiki/Remote_Desktop_Protocol#Security_issues

    Steve