Asked by msidnam

Is it possible to RDP to a direct LAN IP behind a pfSense firewall?

I am trying something with pfSense that I am not sure is possible. I have a need to segment one server from everything else. The most important thing is making sure it can't access anything on the network other than what we want (internet, file shares, other servers, etc).

What I have done is installed pfSense and made the WAN port have a static IP of our current network subnet. The LAN port is a subnet that I have connected to a dvSwitch connected to our ESXi hosts.

What I am trying to do is, from our main network subnet, RDP to a server on the subnet. If I do the traditional NAT by port forwarding the WAN to an internal LAN IP using port 3389, it works. But I can't do it (even if I select LAN Address as the destination) by typing in just 10.0.10.x.


Last Comment: 8/22/2022 - Mon


Hi E C,
Yes, I think you have it correct. I am trying to isolate one server from our network (we may have more later but right now this is just a test). I know I may not be using pfSense in the traditional way as I know it's meant more for internet connections. I was hoping to make my current network as the outside/WAN network and create a separate subnet as the LAN.

My current network is a 192.168.x.x network and the LAN (separate) network as 10.0.10.x.

My main goal to do this is to make sure the isolated server can't access anything on our current network other than what we decide. I was thinking pfSense would be a good solution to do this, but I am also open to any other suggestions.

I will also try to add another LAN port. I don't see the option in interfaces. Would I need to create a bridge interface?

Thank you.

I was able to add an OPT1 interface which is attached to my current network. I assigned it an IP and gateway. Do I need to bridge the LAN and OPT1 so that anything from the LAN subnet (10.0.10.x) can reach my main network (192.168.x.x)?

I've been trying a few different things but I am unable to access file shares, for example. I even created an any to any rule from LAN to OPT1. I'm just not sure how pfSense wants me to configure the LAN/OPT1 side for access.