Topic: Redirect to specific host according to port

ink_theory
Redirect to specific host according to port
« on: December 05, 2017, 07:10:02 am »
Good morning pfSense community,

It's my first post here. I'm a pfSense novice, so sorry, I couldn't find a post that matches what I was looking for. Maybe I was searching with the wrong terms in the Search field.

I did install pfSense and my virtual machines are successfully passing through it to have internet access. The portal works perfectly and I could also create rules to test on my lab environment.

What I'm trying to achieve is:
- Whenever someone outside my network wants to access my machines via RDP, they must specify the hostname and port. Ex: SERVER01:3389
- If a different port is specified, it goes to the respective host. Ex: SERVER01:3390 points to SERVER02:3389

How do I achieve this? Via DNS Resolver? I tried HAProxy, but couldn't accomplish it.

Thank you very much!

NogBadTheBad
Re: Redirect to specific host according to port
« Reply #1 on: December 05, 2017, 07:42:21 am »
NAT / port forwarding is your answer.

https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

You would need to port forward port X to SERVER01:3389, port Y to SERVER02:3389

In their RDP connection they'd need to put your WAN-IP:X or Y in the computer logon details.

NAT makes the decision on dst IP and port, hence two different ports hitting the WAN interface.

TBH you'd be better setting up a VPN server on your WAN router, so they could connect via VPN then just connect to the server.

https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2
« Last Edit: December 05, 2017, 07:58:15 am by NogBadTheBad »

ink_theory
Re: Redirect to specific host according to port
« Reply #2 on: December 05, 2017, 11:56:18 am »
Hi NogBadTheBad,

Thanks for the answer, I could accomplish this RDP solution for both servers using different ports and it went smoothly.
Both servers do deliver a website using ports 80 and 443, but only one of them is serving.

What I did try:
- A new forwarding port rule from 5443 to 5443 that uses https to serve the site from SERVER01.
- A new forwarding port rule from 443 to 443 that uses https to serve the site from SERVER02.

Each one has its own specific rule to forward, the same way I did for the RDP tests. But only SERVER02 works properly.
Is there something else I must do?

Thanks!

Stewart
Re: Redirect to specific host according to port
« Reply #3 on: December 05, 2017, 01:27:52 pm »
Try creating a NAT that states
From anywhere (really you should limit this if you can and not leave it open to the world)
From any port
Destined for your WAN IP
Destined at the port you want people to use (i.e. 5443)
Redirect Target IP is the IP of the internal server
Redirect Target port is the port to access on the internal server.

If you leave the ports as default on your servers inside the network and just let NAT do the translation things are easier.
Make sure to access similar to https://wan.ip.addr:5443 from outside the network. Inside the network it would be https://lan.ip.addr
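
The forward described in the reply above, modelled as an added example that is not part of the original thread or pfSense's own code: a lookup keyed on source address and WAN port, plus a check for forwards left open to any source or shadowed by an earlier rule on the same port. The addresses, the `PortForward` fields, a single WAN IP, TCP only and first-match evaluation are assumptions of this sketch.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class PortForward:
    source: str       # CIDR allowed to connect; "0.0.0.0/0" means anywhere
    wan_port: int     # destination port on the WAN IP
    target_ip: str    # redirect target IP (internal server)
    target_port: int  # redirect target port on that server


# Constructed sample table (documentation and private address ranges only).
RULES = [
    PortForward("198.51.100.0/24", 3389, "192.168.1.10", 3389),  # SERVER01 RDP
    PortForward("198.51.100.0/24", 3390, "192.168.1.11", 3389),  # SERVER02 RDP
    PortForward("0.0.0.0/0", 5443, "192.168.1.10", 443),         # SERVER01 HTTPS
    PortForward("0.0.0.0/0", 443, "192.168.1.11", 443),          # SERVER02 HTTPS
]


def translate(rules, src_ip, wan_port):
    """Return (target_ip, target_port) of the first matching rule, else None."""
    for r in rules:
        if r.wan_port == wan_port and ip_address(src_ip) in ip_network(r.source):
            return (r.target_ip, r.target_port)
    return None  # no forward matches; the connection is not translated


def audit(rules):
    """Flag rules shadowed by an earlier rule and rules open to any source."""
    findings, first_on_port = [], {}
    for r in rules:
        prev = first_on_port.setdefault(r.wan_port, r)
        if (prev is not r
                and ip_network(prev.source).overlaps(ip_network(r.source))
                and (prev.target_ip, prev.target_port) != (r.target_ip, r.target_port)):
            findings.append(
                f"shadowed: WAN port {r.wan_port} already forwards to {prev.target_ip}")
        if ip_network(r.source).prefixlen == 0:
            findings.append(
                f"open to any source: WAN port {r.wan_port} -> {r.target_ip}:{r.target_port}")
    return findings


if __name__ == "__main__":
    print(translate(RULES, "203.0.113.5", 5443))
    for finding in audit(RULES):
        print(finding)
```

Both internal servers keep listening on 443; only the WAN-side port differs, which is what lets one WAN IP reach two hosts.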

ink_theory
Re: Redirect to specific host according to port
« Reply #4 on: December 12, 2017, 05:23:07 am »
Thank you very much Stewart! This topic is now solved! :)