PFSense – looking for exact NoMachine-friendly settings
- This topic has 2 replies, 3 voices, and was last updated 7 months ago by Britgirl.
May 27, 2024 at 18:19 #48260 diver7100 Participant
Hello,
Many thanks for allowing me to join NoMachine forum.
Reference the https://forum.nomachine.com/topic/nomachine-and-pfsense
which describes the Enterprise version as the solution,
and the NoMachine and pfSense closed message thread,
which I tried, but results were nil. Unfortunately, for me, I cannot post a reply to those.
One single computer needs to become host to a WAN side user, far away from my LAN. So, subscribing to the Enterprise version seems to be overkill.
Hours of “try this, try that” within PFSense Firewall-NAT, Firewall-Rules, and even Interface assignment, won’t allow NoMachine to become visible to the distant computer.
I read somewhere that doing Firewall NAT Outbound is the key. However, that option does allow me to specify port 4000, but it won’t let me specify the LAN IP of the computer of NoMachine.
Firewall NAT Port Forward is supposed to work.
Interface LAN or WAN (I tried both)
ipv4
TCP/UDP
Source Any, but the block to enter the LAN IP is gray (:
Destination Any and the address mask block is gray
Destination Port Range other, 4000, other 4000
(obviously I don’t know what I’m doing at this point)
Redirect target IP, type address or alias, and it did allow me to enter the LAN IP of the host computer
Redirect target port Other, and 4000
Filter Rule association, Rule NAT
all this won’t work, I’m barking up the wrong tree. Distant computer cannot receive. Distant computer user entered the host’s local LAN IP ’cause presumably that’s the way NoMachine works (maybe I’m wrong).
And so, the real steps toward making NoMachine work thru PFSense, will be most graciously appreciated.
Many Thanks
May 28, 2024 at 06:59 #48273 Tom Participant
Hi Diver7100.
Let’s start at the beginning and establish what you want to achieve.
From what I understand, you want a computer that is outside your network to be able to access the computer or computers inside your network. Am I right?
One solution is to open a port on the router and redirect traffic coming on that port to one of the computers on your LAN (port-forwarding or port-mapping). This article explains how to enable port-forwarding; I’m not sure if your search took you to that or not.
https://kb.nomachine.com/AR04S01122
Remember that in doing that you’re opening up access to your computer to anyone outside, including malicious users, so you must put the appropriate protection in place. To minimise this risk, you should only allow connections to this port from one or more known IP addresses by adding a rule to your firewall. You can also use a VPN server such as OpenVPN or any other. This gives greater security.
Regards,
Tom
May 28, 2024 at 11:30 #48278 Britgirl Keymaster
Some clarifications to your comments…
“… won’t allow NoMachine to become visible to the distant computer.”
NoMachine hosts are visible to other NoMachine clients when they are all on the same LAN (i.e. in Machines, computers on the same LAN show with a pipe icon).
“Distant computer user entered the host’s local LAN IP ’cause presumably that’s the way NoMachine works”
When the user is on the same LAN as the computer you want to connect to, the local LAN IP is used. When connecting over the Internet, you use the public IP address of the computer. For most users, this is the IP address of the router that sits in front of the computer you want to access.
Did you already see https://docs.netgate.com/pfsense/en/latest/nat/port-forwards.html#figure-port-forward-example (for the pfSense port forwarding configuration)?
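
As an added example (not part of any forum post, and not NoMachine or pfSense code), the Python below checks a port-forward description against the advice in the replies above: forward on the WAN side, limit the source to known IPs, redirect to the host's LAN IP, and have the remote user connect to the public IP. The dictionary keys, function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 ranges: addresses that only route inside a LAN.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_lan_address(addr):
    """True when addr is a private (RFC 1918) IPv4 address."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit_port_forward(rule, client_target):
    """Check a port-forward description and the address the remote user
    types into the client. Keys are hypothetical, not pfSense's schema."""
    findings = []
    if rule["interface"].upper() != "WAN":
        findings.append("interface: Internet traffic arrives on WAN")
    if rule["destination"].lower() == "any":
        findings.append("destination: match the WAN address, not any")
    sources = [s.strip() for s in rule["source"].split(",")]
    if "any" in (s.lower() for s in sources):
        findings.append("source: open to everyone; allow known IPs only")
    else:
        for s in sources:
            try:
                ipaddress.ip_network(s, strict=False)
            except ValueError:
                findings.append("source: not an IP or CIDR: " + s)
    if not is_lan_address(rule["target_ip"]):
        findings.append("target_ip: redirect to the host's LAN IP")
    if is_lan_address(client_target):
        findings.append("client: LAN IP is unreachable remotely; use public IP")
    return findings

# Constructed samples. 192.168.1.50 is an invented LAN host; 203.0.113.10 and
# 198.51.100.7 are documentation addresses standing in for the router's
# public IP and the remote user's IP.
AS_POSTED = {"interface": "LAN", "source": "any", "destination": "any",
             "dest_port": 4000, "target_ip": "192.168.1.50", "target_port": 4000}
CORRECTED = dict(AS_POSTED, interface="WAN", destination="WAN address",
                 source="198.51.100.7")

if __name__ == "__main__":
    for name, rule, typed in (("as posted", AS_POSTED, "192.168.1.50"),
                              ("corrected", CORRECTED, "203.0.113.10")):
        print(name, audit_port_forward(rule, typed) or "no findings")
```

AS_POSTED models one of the attempts described in the first post (LAN interface, source and destination Any, remote user typing the LAN IP); CORRECTED applies the replies' advice.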