msidnam

Is it possible to RDP to a direct LAN IP behind a pfSense firewall?

I am trying something with pfSense that I am not sure is possible. I have a need to segment one server from everything else. The most important thing is making sure it can't access anything on the network other than what we want (internet, file shares, other servers, etc.).


What I have done is installed pfSense and made the WAN port have a static IP of our current network subnet. The LAN port is a 10.0.10.0/24 subnet that I have connected to a dvSwitch connected to our ESXi hosts.


What I am trying to do is, from our main network subnet, RDP to a server on the 10.0.10.0 subnet. If I do the traditional NAT by port forwarding the WAN to an internal LAN IP using port 3389, it works. But I can't do it (even if I select LAN Address as the destination) by typing in just 10.0.10.x.

Networking, VMware

Last comment: msidnam, 8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
E C

msidnam

ASKER
Hi E C,
Yes, I think you have it correct. I am trying to isolate one server from our network (we may have more later but right now this is just a test). I know I may not be using pfSense in the traditional way, as I know it's meant more for internet connections. I was hoping to make my current network the outside/WAN network and create a separate subnet as the LAN.

My current network is a 192.168.x.x network and the LAN (separate) network as 10.0.10.x.

My main goal in doing this is to make sure the isolated server can't access anything on our current network other than what we decide. I was thinking pfSense would be a good solution to do this, but I am also open to any other suggestions.

I will also try to add another LAN port. I don't see the option in interfaces. Would I need to create a bridge interface?

Thank you.
msidnam

ASKER
I was able to add an OPT1 interface which is attached to my current network. I assigned it an IP and gateway. Do I need to bridge the LAN and OPT1 so that anything from the LAN subnet (10.0.10.x) can reach my main network (192.168.x.x)?

I've been trying a few different things but I am unable to access file shares, for example. I even created an any-to-any rule from LAN to OPT1. I'm just not sure how pfSense wants me to configure the LAN/OPT1 side for access.