
Author Topic: RDP/RemoteApp via FQDN only!  (Read 165 times)


entr0py
RDP/RemoteApp via FQDN only!
« on: January 12, 2018, 03:52:55 pm »
I'm hoping to find a way to restrict RDP/RemoteApp access via WAN IP and only allow connections using FQDN. In other words, when connecting remotely via "any.domain.com:port" an RDP/RemoteApp connection would be established, but RDP/RemoteApp connections using "WAN IP (x.xx.x.xx):port" would get blocked. Is this at all possible and what is the best way to accomplish this?


Grimson
Re: RDP/RemoteApp via FQDN only!
« Reply #1 on: January 12, 2018, 05:45:12 pm »
Is this at all possible...

Nope, all connections use the IP to connect, whether they resolve it via DNS or use it directly is not known by the firewall.

You really should learn the basics of networking first.

keyser
Re: RDP/RemoteApp via FQDN only!
« Reply #2 on: January 13, 2018, 03:55:48 am »
You can’t do that with RDP directly.
But if you install “Remote Desktop Gateway Services” on a Windows Server, that will provide RDP access tunneled through HTTPS.
When going through HTTPS you can do exactly what you are looking for with e.g. HAProxy as a reverse proxy on pfSense. There you can do an ACL that only allows connections over HTTPS with the proper URL entered by the client.

Harvy66
Re: RDP/RemoteApp via FQDN only!
« Reply #3 on: January 13, 2018, 12:01:58 pm »
An analogy would be "I want people to get to my house using a map and not just driving from memory". The only way to do this is to directly control the client, nothing you can know when someone shows up at your house.

Mats
Re: RDP/RemoteApp via FQDN only!
« Reply #4 on: January 13, 2018, 01:52:49 pm »
You can’t do that with RDP directly.
But if you install “Remote Desktop Gateway Services” on a Windows Server, that will provide RDP access tunneled through HTTPS.
When going through HTTPS you can do exactly what you are looking for with e.g. HAProxy as a reverse proxy on pfSense. There you can do an ACL that only allows connections over HTTPS with the proper URL entered by the client.

This works - I have it running on my home fw.