RDP to Virtual IP



  • I love pfSense … working great. I just have one issue ...

    My ISP has provided me with a block of 5 usable addresses for WAN traffic. I have the one ending in 205 as the main WAN address. I have set up the other 4 as Virtual IPs 201 - 204. I made one Linux box on internal address 100 NAT 1:1 with Virtual IP 201, and created a firewall rule allowing SSH through. I can SSH through VIP 201 no issue at all. pfSense rocks!

    I did the same thing with RDP. I made one Windows server on internal address 5 NAT 1:1 with Virtual IP 202, and created a firewall rule allowing RDP through. HOWEVER, I can't seem to RDP in on 202. If I do the same thing with the main 205 WAN address, I can RDP into my network beautifully.

    I tried the same thing with the other VIPs and same result. No RDP through the Virtual IPs. NO PROBLEM through the main WAN IP on 205. I CAN do SSH through any of them ... just NOT RDP.

    Any suggestions? I have tried changing the VIP types from IP Alias to Other, Arp Proxy, and CARP but nothing works. Would love to get this working. Thank you!



  • @ShelburneFarms:

    Since you're coming from outside, are you sure the Windows Firewall has a rule to let it in from outside your local network?  I've been bitten by that before.



  • Also make sure that the firewall rule that complements the NAT has your Windows box's internal IP address for the destination.



  • Trel … I can RDP through the main WAN interface, so Windows Firewall is not an issue (and I have been bitten by that before myself, so thanks for pointing that out).

    KOM ... yup, that is the case. But good suggestion.



  • Sometimes pfSense needs to be rebooted to get the outbound NAT to function after a config change.

