How do I forward a single port with remapping?

Started by NetGobbler, December 21, 2021, 08:49:46 AM

Disclaimer:

This is not secure and I know it's not secure. I patch my systems and I have a very complicated password, with the guest account disabled.



On my old normal ISP TPLink router, I have a rule, to forward an external port, let's call it 44321 to an internal port on my network (3389, RDP) to a single workstation.

That's the only port forward on my network.
When I'm away, I can RDP home. Yes, I get lots of login attempts in the Windows event log, but my password is stupidly long and only one account is enabled. I've never been breached in 10 years of doing this.


So I'm trying to replicate this and I can't figure it out.


I'm in a section called FIREWALL: NAT: PORT FORWARD and about half the options make sense to me.

It's asking for a source port range, which I'd assume is other / other on 44321.
Then it's asking for a destination, which I would assume to be, my Windows PC with RDP enabled.

It then asks for a "Redirect target IP", which baffles me.
Regardless, I put the same IP in and unfortunately it doesn't work.

https://i.imgur.com/8Jb8Jul.png

Does anyone know what I'm doing wrong?
(besides trying to do it in the first place, yes I know - see the top line)


Hi,

Destination is the interface/address you connect to from the outside, so usually your WAN IP. You should select "WAN address" here.
Destination Port is the port you connect to from the outside, so use 44321 here.
Source IP: Any (if you can limit it here, I would do it); that's where you can connect from.
Source Port: Any; you usually do not know which one is chosen by the connecting computer.
Redirect target IP: where you want to forward the connection to, so your Windows PC.
Redirect target Port: the port you want to forward the connection to: 3389.

I personally would use a VPN.

KH
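To make the field mapping in KH's reply concrete, here is the pf rule pair that an OPNsense port forward with those settings generates (added illustration, not code from the thread or from OPNsense itself). You never edit these by hand on OPNsense, but reading them shows what each GUI field becomes. Assumed placeholder values: WAN interface em0, RDP workstation 192.168.1.50, and 203.0.113.0/24 as the only remote network you connect from.

```pf
# Added illustration of the generated pf rules; all addresses and the
# interface name are placeholder assumptions, not values from the thread.
ext_if = "em0"
rdp_host = "192.168.1.50"

# Interface = WAN, Destination = "WAN address" ((em0) is resolved at runtime,
# so a changing ISP address still works), Destination port = 44321,
# Redirect target IP / Port = the workstation on 3389.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 44321 -> $rdp_host port 3389

# The associated filter rule ("Filter rule association: pass" in the GUI).
# pf translates before it filters, so the pass rule has to match the
# redirected address and port, not the public 44321.
pass in quick on $ext_if inet proto tcp from any to $rdp_host port 3389 flags S/SA keep state

# "Source IP: limit it if you can": the same forward restricted to one remote
# network. Everything else still hits the default block on WAN and the
# workstation stops receiving the internet-wide RDP login attempts.
# rdr on $ext_if inet proto tcp from 203.0.113.0/24 to ($ext_if) port 44321 -> $rdp_host port 3389
# pass in quick on $ext_if inet proto tcp from 203.0.113.0/24 to $rdp_host port 3389 flags S/SA keep state
```

Two checks when a forward "doesn't work": on the OPNsense shell, `pfctl -sn` must show the rdr line and `pfctl -sr` the matching pass line (if the pass line is missing, the forward was saved without an associated filter rule); and the test has to come from outside the WAN, since a LAN client connecting to the public address needs NAT reflection, which is a separate setting.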

Buddy thank you, this is lovely, I am up and running nicely.

Exposing RDP to the outside, even on a different port, is a VERY bad idea. I would strongly discourage you from doing that. As suggested above, use a VPN for remote access.

If more people chime in, maybe we can convince you?  8)

As you have an OPNsense firewall, I would also strongly suggest using a VPN to phone home. It will take you 10 minutes of configuration, and phoning home would then require just one additional step: click connect in an app beforehand. WireGuard would be an excellent option, as it has support for all major OSes and the performance drop is negligible.

https://docs.opnsense.org/manual/how-tos/wireguard-client.html

Good luck anyways :)
Running OPNsense through Proxmox
4 x Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz (1 Socket)
24 GB RAM
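For the "one additional step" the reply above describes, this is what the client side of that WireGuard setup looks like (an added example, not from the thread or from the linked how-to). On the OPNsense side, following the how-to, you create a WireGuard instance listening on UDP 51820, add the laptop as a peer with its public key and the tunnel address below as its Allowed IPs, pass UDP 51820 on the WAN interface, and allow traffic from the WireGuard interface into the LAN. The 44321 port forward is then deleted, so nothing on WAN accepts TCP from the internet any more. Assumed placeholder values: WAN address 203.0.113.10, tunnel network 10.10.10.0/24, home LAN 192.168.1.0/24, and dummy key fields.

```ini
# Added example of a wg-quick client profile for the laptop.
# Every address and key here is a placeholder assumption, not a value from
# the thread; the keys come from `wg genkey` / `wg pubkey` on each side.
[Interface]
PrivateKey = <client private key, generated with: wg genkey>
Address = 10.10.10.2/32

[Peer]
PublicKey = <public key shown on the OPNsense WireGuard instance>
Endpoint = 203.0.113.10:51820
# Route only the tunnel and the home LAN through the VPN (split tunnel);
# RDP is then done to 192.168.1.50:3389 inside the tunnel, with no
# port open on the public address.
AllowedIPs = 10.10.10.0/24, 192.168.1.0/24
# Keep the NAT mapping alive when the laptop is itself behind NAT.
PersistentKeepalive = 25
```

Compared with the forward, the difference is not the port number but the authentication: an RDP forward answers every source on the internet with a login prompt, whereas WireGuard silently drops any packet that is not signed by a configured peer key, so there is nothing for the scanners in the Windows event log to brute-force.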