07.06.2023

Routing in pfSense. Port forwarding

Network experts divide routers into two large classes - software and hardware. Hardware routers represent equipment developed in enterprises as a finished product. Software implementations are a set of programs or ready-made assemblies of operating systems that can be installed on almost any modern computer or server platform. Sometimes it is necessary to provide access from the Internet to machines located on the local network.  Consider the configuration of routing - port forwarding using pfSense.

PfSense is a software distribution based on the FreeBSD OS and designed to organize a router or a firewall, or all at once. This OS can be installed on almost any computer or server. A key feature of pfSense is the solution of tasks through a web-based interface.

Network setting

If the configuration is performed via VPS/VDS, you should create all the required servers, one of which will be managed by pfSense. Add network adapters and merge them into a single virtual network.

Getting started with the setup

In the main menu of the program (horizontal black), select interfaces → Assignments.

The web page refreshes, a list of all network interfaces appears. “Free” interfaces are in the Available network ports field. All interfaces are shown with mac addresses on them. From the drop-down list, select the necessary one and click the “Add” button.

After completing the action, the system will notify you of the successful addition. The interface will be called “LAN”. Save the settings by clicking on the “Save” button.

Configure the network adapter. To do this, open interfaces → LANin the main menu.

By setting the checkbox in the Enabled field, we activate the interface. Setting IPv4 as static IP (Static IPv4).

In the “Static IPv4 Configuration” configuration settings section, specify the IP address for this interface, in our case 10.0.0.254, maybe you will have a different one. At the very bottom of the page, click the “Save” button to save the changes.

The system will notify you of the changes. We apply them by clicking on the button “Apply changes”.

Configure the network interfaces of the clients

When configuring client network interfaces, it is important to remember that the address of the pfSense server must be specified as the gateway, in our case 10.0.0.254.

Configuring in Ubuntu

Editing the file /etc/network /interfaces:

auto ens31
iface ens31 inet static
address 10.0.0.2
netmask 255.255.255.0
dns-nameserver 8.8.8.8
gateway 10.0.0.254

Restarting the network service:

/etc/init.d/networking restart

Windows

To configure the network adapter in Windows, you must open start → Control Panel → Network and Internet → Network Connections or

Start → Control Panel → Network and Internet → Network and Sharing Center → Change adapter settings.

In the opened folder, right-click on the network adapter icon, select “Properties”.

 

In the window that opens, click on the name (not on the checkbox) and select “Internet Protocol Version 4 (TCP/IPv4)”. Click the “Properties” button.

 

 

In a new window, specify:

To save, click the “OK” button. In the Properties window of the network adapter, also click the “OK” button.

 

 

Important! Please note again that the pfSense server IP address must be specified as the default and default gateway.

Setting up routing

In the main menu of the web application, select firewall → NAT. On the “Port Forward“ tab click the button Add.

On the page that opens for editing the traffic redirection rule, we will create a rule for the RDP interface.

In the field Destination specify Any.

Destination port range (from a port) - select the destination port, in our case, MS RDP. The “to port” field will be filled in automatically.

Redirect target IP - specify the IP address of the server or computer running Windows.

Redirect target port - MS RDP.

If desired, fill out the description field - “Description”.

Click the button “Save”. And do not forget to click the “Apply changes” button.

Important! If the RDP port was changed (by default 3389), select the port name “Other”, in the Custom field indicate the current value.

The created rule is displayed as in the example below.

Similarly, rules are created, say, for SSH access.

Checking the connection

To test the settings, you need to connect an SSH client or application to access the remote desktop to the external IP address of the pfSense server.

You can also perform the check using the network port sniffer —nmap.