Serverspace Black Friday
WB
April 27, 2020
Updated May 30, 2023

Routing in pfSense. Port forwarding

Networks

Network experts divide routers into two large classes - software and hardware. Hardware routers represent equipment developed in enterprises as a finished product. Software implementations are a set of programs or ready-made assemblies of operating systems that can be installed on almost any modern computer or server platform. Sometimes it is necessary to provide access from the Internet to machines located on the local network.  Consider the configuration of routing - port forwarding using pfSense.

PfSense is a software distribution based on the FreeBSD OS and designed to organize a router or a firewall, or all at once. This OS can be installed on almost any computer or server. A key feature of pfSense is the solution of tasks through a web-based interface.

Network setting

If the configuration is performed via VPS/VDS, you should create all the required servers, one of which will be managed by pfSense. Add network adapters and merge them into a single virtual network.

Getting started with the setup

In the main menu of the program (horizontal black), select interfaces → Assignments.

Getting started with the setup

The web page refreshes, a list of all network interfaces appears. “Free” interfaces are in the Available network ports field. All interfaces are shown with mac addresses on them. From the drop-down list, select the necessary one and click the “Add” button.

List of all network interfaces

After completing the action, the system will notify you of the successful addition. The interface will be called “LAN”. Save the settings by clicking on the “Save” button.

The system will notify you of the successful addition

Configure the network adapter. To do this, open interfaces → LANin the main menu.

By setting the checkbox in the Enabled field, we activate the interface. Setting IPv4 as static IP (Static IPv4).

In the “Static IPv4 Configuration” configuration settings section, specify the IP address for this interface, in our case 10.0.0.254, maybe you will have a different one. At the very bottom of the page, click the “Save” button to save the changes.

Static IPv4 Configuration

The system will notify you of the changes. We apply them by clicking on the button “Apply changes”.

The system will notify you of the changes

Configure the network interfaces of the clients

When configuring client network interfaces, it is important to remember that the address of the pfSense server must be specified as the gateway, in our case 10.0.0.254.

Configuring in Ubuntu

Editing the file /etc/network /interfaces:

auto ens31
iface ens31 inet static
address 10.0.0.2
netmask 255.255.255.0
dns-nameserver 8.8.8.8
gateway 10.0.0.254

Restarting the network service:

/etc/init.d/networking restart

Windows

To configure the network adapter in Windows, you must open start → Control Panel → Network and Internet → Network Connections or

Start → Control Panel → Network and Internet → Network and Sharing Center → Change adapter settings.

In the opened folder, right-click on the network adapter icon, select “Properties”.

Configure the network adapter in Windows

 

In the window that opens, click on the name (not on the checkbox) and select “Internet Protocol Version 4 (TCP/IPv4)”. Click the “Properties” button.

Internet Protocol Version 4 (TCP/IPv4)

 

In a new window, specify:

  • IP address - 10.0.0.3;
  • Subnet mask: 255.255.255.0;
  • Gateway - 10.0.0.254;
  • Preferred DNS server: 8.8.8.8.

To save, click the “OK” button. In the Properties window of the network adapter, also click the “OK” button.

In the Properties window of the network adapter

 

Important! Please note again that the pfSense server IP address must be specified as the default and default gateway.

Setting up routing

In the main menu of the web application, select firewall → NAT. On the “Port Forward“ tab click the button Add.

Setting up routing

On the page that opens for editing the traffic redirection rule, we will create a rule for the RDP interface.

In the field Destination specify Any.

Destination port range (from a port) - select the destination port, in our case, MS RDP. The “to port” field will be filled in automatically.

Redirect target IP - specify the IP address of the server or computer running Windows.

Redirect target port - MS RDP.

If desired, fill out the description field - “Description”.

Click the button “Save”. And do not forget to click the “Apply changes” button.

Create a rule for the RDP interface

Important! If the RDP port was changed (by default 3389), select the port name “Other”, in the Custom field indicate the current value.

The created rule is displayed as in the example below.

The created rule is displayed as in the example below

Similarly, rules are created, say, for SSH access.

Checking the connection

To test the settings, you need to connect an SSH client or application to access the remote desktop to the external IP address of the pfSense server.

You can also perform the check using the network port sniffer —nmap.

Vote:
3 out of 5
Аverage rating : 3
Rated by: 2
1101 CT Amsterdam The Netherlands, Herikerbergweg 292
+31 20 262-58-98
700 300
ITGLOBAL.COM NL
700 300
We use cookies to make your experience on the Serverspace better. By continuing to browse our website, you agree to our
Use of Cookies and Privacy Policy.