PFSense – looking for exact NoMachine-friendly settings


Viewing 3 posts - 1 through 3 (of 3 total)
  • #48260
    diver7100
    Participant

    Hello,

    Many thanks for allowing me to join NoMachine forum.

    Reference the https://forum.nomachine.com/topic/nomachine-and-pfsense

    which describes the Enterprise version as the solution.

    and the NoMachine and pfSense closed message thread,

    which I tried, but results were nil.  Unfortunately, for me, I cannot post a reply to those.

    One single computer needs to become host to a WAN side user, far away from my LAN.   So, subscribing to the Enterprise version seems to be overkill.

    Hours of “try this, try that” within PFSense Firewall-NAT,  Firewall-Rules, and even Interface assignment, won’t allow NoMachine to become visible to the distant computer.

    I read somewhere that doing Firewall Nat Outbound is the key.  However that option does allow me to specify port 4000, but it won’t let me specify the LAN IP of the computer of NoMachine.

    Firewall NAT Port Forward is supposed to work.

    Interface LAN or WAN (I tried both)

    ipv4

    TCP/UDP

    Source Any, but the block to  enter the LAN IP is gray (:

    Destination Any and the address mask block is gray

    Destination Port Range  other, 4000, other 4000

    (obviously I  don’t know what I’m doing at this point)

    Redirect target IP, type address or alias, and it did allow me to enter the LAN IP of the host computer

    Redirect target port   Other, and 4000

    Filter Rule association,  Rule NAT

    all this won’t work,  I’m barking up the wrong tree.  Distant computer cannot receive.  Distant computer user entered the host’s local LAN IP ’cause presumably that’s the way NoMachine works (maybe I’m wrong).

    And so,  the real steps toward making NoMachine work thru PFSense, will be most graciously appreciated.

    Many Thanks

    #48273
    Tom
    Participant

    Hi Diver7100.

    Let’s start at the beginning and establish what you want to achieve.
    From what I understand, you want a computer that is outside your network to be able to access the computer or computers inside your network. Am I right?

    One solution is to open a port on the router and redirect traffic coming on that port to one of the computers on your LAN (port-forwarding or port-mapping). This article explains how to enable port-forwarding, I’m not sure if your search took you to that or not.

    https://kb.nomachine.com/AR04S01122

    Remember that in doing that you’re opening up access to your computer to anyone outside, including malicious users, so you must put the appropriate protection in place. To minimise this risk, you should only allow connections to this port from one or more known IP addresses by adding a rule to your firewall. You can also use a VPN server such as OpenVPN or any other. This gives greater security.

    Regards,
    Tom

    #48278
    Britgirl
    Keymaster

    Some clarifications to your comments…

    “… won’t allow NoMachine to become visible to the distant computer.”

    NoMachine hosts are visible to other NoMachine clients when they are all on the same LAN (i.e. in Machines, computers on the same LAN show with a pipe icon).

    “Distant computer user entered the host’s local LAN IP ’cause presumably that’s the way NoMachine works”

    When the user is on the same LAN as the computer you want to connect to, the local LAN IP is used. When connecting over the Internet, you use the public IP address of the computer. For most users, this is the IP address of the router that sits in front of the computer you want to access.

    Did you already see https://docs.netgate.com/pfsense/en/latest/nat/port-forwards.html#figure-port-forward-example (for the pfSense port forwarding configuration)?
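
The points made in the two replies above, written as a small check over a port-forward entry. This is an added example, not part of the thread and not NoMachine or Netgate code. The dict keys are hypothetical labels for the GUI fields, all IP addresses are constructed, and the WAN interface / WAN address expectations follow the pfSense port-forward documentation linked above.

```python
import ipaddress

# RFC 1918 ranges: usable inside a LAN, not routable across the Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
NX_PORT = 4000  # the NoMachine port used throughout this thread


def is_lan_address(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def review_port_forward(rule, client_target):
    """Return (field, advice) findings for a port forward given as a dict.

    The dict keys are hypothetical labels for the GUI fields, not pfSense's
    own config schema. client_target is what the remote user types in.
    """
    findings = []
    if rule["interface"] != "WAN":
        findings.append(("interface", "Internet traffic arrives on WAN"))
    if rule["source"] == "any":
        findings.append(("source", "limit to known remote IP addresses"))
    if rule["destination"] != "WAN address":
        findings.append(("destination", "match only the WAN address"))
    if rule["redirect_port"] != NX_PORT:
        findings.append(("redirect_port", "host listens on port 4000"))
    if not is_lan_address(rule["redirect_ip"]):
        findings.append(("redirect_ip", "must be the host's LAN address"))
    if is_lan_address(client_target):
        findings.append(("client_target", "use the router's public IP"))
    return findings


# Constructed to mirror the settings listed in the first post.
AS_POSTED = {"interface": "LAN", "source": "any", "destination": "any",
             "dest_port": 4000, "redirect_ip": "192.168.1.50",
             "redirect_port": 4000}
# Constructed corrected entry; 198.51.100.7 stands for the remote user's IP.
CORRECTED = {"interface": "WAN", "source": ["198.51.100.7"],
             "destination": "WAN address", "dest_port": 4000,
             "redirect_ip": "192.168.1.50", "redirect_port": 4000}

if __name__ == "__main__":
    for field, advice in review_port_forward(AS_POSTED, "192.168.1.50"):
        print(f"{field}: {advice}")
    # 203.0.113.10 stands for the router's public IP (constructed).
    print(review_port_forward(CORRECTED, "203.0.113.10"))
```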
