We are happy to announce the release of pfSense® software version 2.3.3!
This is a maintenance release in the 2.3.x series, bringing numerous stability and bug fixes, fixes for a handful of security issues in the GUI, and a handful of new features. The full list of changes is on the 2.3.3 New Features and Changes page, including a list of FreeBSD and internal security advisories addressed by this release.
This release includes fixes for 101 bugs, 14 Features, and 3 Todo items.
If you haven’t yet caught up on the changes in 2.3.x, check out the Features and Highlights video. Past blog posts have covered some of the changes, such as the performance improvements from tryforward, and the webGUI update.
Upgrade Considerations
As always, you can upgrade from any prior version directly to 2.3.3. The Upgrade Guide covers everything you’ll need to know for upgrading in general. There are a few areas where additional caution should be exercised with this upgrade if upgrading from 2.2.x or an earlier release, all noted in the 2.3 Upgrade Guide.
Known Regressions
While, nearly all of the common regressions between 2.2.6 and 2.3-RELEASE have been fixed in subsequent releases, the following still exist:
- IPsec IPComp does not work. This is disabled by default. However in 2.3.1, it is automatically not enabled to avoid encountering this problem. Bug 6167
- IGMP Proxy does not work with VLAN interfaces, and possibly other edge cases. Bug 6099. This is a little-used component. If you’re not sure what it is, you’re not using it. This has been fixed on our 2.4 development branch.
- Those using IPsec and OpenBGPD may have non-functional IPsec unless OpenBGPD is removed. Bug 6223
Packages
Compared to pfSense 2.2.x, the list of available packages in pfSense 2.3.x has been significantly trimmed. We have removed packages that have been deprecated upstream, no longer have an active maintainer, or were never stable. A few have yet to be converted for Bootstrap and may return if converted. See the 2.3 Removed Packages list for details. pfSense 2.3.3 does bring back tinc (Mesh VPN), LCDproc, TFTP Server, and a new package “cellular” for use with some Huawei model 3G/4G cellular cards. Also noteworthy in case you missed it is the recently added ACME package for use with Let’s Encrypt which is available on 2.3.2-p1, 2.3.3, and 2.4.
pfSense software is Open Source
For those who wish to review the source code in full detail, the changes are all publicly available in three repositories on GitHub:
- Main repository - the web GUI, back end configuration code, and build tools.
- FreeBSD source - the source code, with patches of the FreeBSD base.
- FreeBSD ports - the FreeBSD ports used.
Download
Using the automatic update process is typically easier than reinstalling to upgrade. See the Upgrade Guide page for details.
Supporting the Project
Our efforts are made possible by the support of our customers and the community. You can support our efforts via one or more of the following.
- Official appliances direct from the source. Our appliances are the fast, easy way to get up and running with a fully-optimized firewall.
- Commercial Support – Purchasing support from us provides you with direct access to Netgate Global Support.
- Professional Services – For more involved and complex projects outside the scope of support, our most senior engineers are available under professional services.
Microsoft Remote Desktop Protocol (RDP) is a protocol developed by Microsoft, that provides users with a graphical interface to connect to another computer over a network connection.
In an internal network, it is possible to connect to another computer remotely using remote desktop protocol. However, the fun changes when you have to connect to your microsoft exchange(email) server box, or any computer running the microsoft operating system in your internal network from anywhere in the world using microsoft remote desktop protocol.
To solve this issue using pfsense firewall, we will have to :
Install pfsense firewall. Learn how to install pfsense firewall here.
Register a domain name with a dynamic dns provider and map our dynamic ip address from our isp to the domain name. Learn how to map your dynamic ip address to domain name here
Configure portforwarding rules on our pfsense router and point the domain name:port number to the ip address:port number of the internal computer hosting the email service, for example.
This guide “PORT FORWARDING FOR MICROSOFT RDP IN PFSENSE FIREWALL” will attempt to help us configure portforwarding rule and test it.
PORT FORWARDING FOR MICROSOFT RDP IN PFSENSE FIREWALL
Port forwarding is a form of NAT(Network address translation) that maps or redirects an ip address and port number combination to another ip address and port combination.
For example, if you want to access your web server in your internal network on port 80, port forwarding will help your pfsense router to simple redirect the ip address and port combination associated with your domain name to the ip address and port combination of the webserver on the internal network.
As if this isnt confusing enough, we will proceed to give you a practical example using microsoft remote desktop connection. Note that it may be better to use vpn for this purpose, however, we will show you how to port forward and a later guide will also show us how to use the VPN service.
WHAT DO WE HOPE TO ACCOMPLISH: We want to be able to use a computer on the internet to connect to a computer on our local network using the microsoft remote desktop protocol.
Now navigate to your pfsense router url and click on firewall => NAT. Remember what we said about port forwarding been a form of NAT or an application of NAT?
Next, click on add to add a port forward rule.
In the Interface field select WAN since you want the pfsense box to listen to connections from the internet.
In the protocol field select TCP or UDP or both if you are unsure about what protocol to use.
The Destination should be WAN Address and the Destination Port Range from and to fields should be set to the port number you want to forward. In our case, it is 3389 for MS-RDP.
The redirect target IP address should be the ip address of the computer on your internal network hosting the service you want to access. In our case we want to connect remotely to the computer having ip address of 192.168.100.16.
The redirect target port should be the port number of the service associated with the ip address you are connecting to. In our case, MS RDP is on port 3389.
VERY IMPORTANT: Make sure that filter rule association is set to add associated filter rule to enable pfsense add a firewall rule automatically to allow this port forwarding rule we are creating through the firewall.
Now click save.
To make sure this rule sticks, click apply changes.
TESTING OUR CONFIGURATIONS
To test, simply connect another computer to the internet. This computer should not be in the same subnet as your internal network. In our case the computer we are using has an ip address of 10.0.2.4 which is obviously not in the same subnet as our internal network.
On this computer that could be anywhere in the world, search for and open up remote desktop connection.
Next, type the domain name:port e.g chealth.xxx.com:3389
And you should see a prompt requesting for the name and password of the remote machine to connect to.
This shows that we have been successfull in configuring PORT FORWARDING FOR MICROSOFT RDP IN PFSENSE FIREWALL
Related posts:
Posted by3 years ago
Archived
We are having trouble with SNMP 64 bit counters in version 2.3.1-RELEASE-p1 (amd64).
When doing snmpwalk all we obtain is:
snmpwalk -v 2c -c xxxxx 192.168.1.99 1.3.6.1.2.1.2.2.1.10 IF-MIB::ifInOctets.1 = Counter32: 0
IF-MIB::ifInOctets.2 = Counter32: 0
IF-MIB::ifInOctets.3 = Counter32: 195801036
IF-MIB::ifInOctets.4 = Counter32: 6944
IF-MIB::ifInOctets.5 = Counter32: 620725929
Pfsense Fw 2.3 Eve-ng 10
IF-MIB::ifInOctets.6 = Counter32: 2726475342
Pfsense Fw 2.3 Eve-ng Update
IF-MIB::ifInOctets.7 = Counter32: 1172575356
No Counter64 values:
snmpwalk -v 2c -c xxxxx 192.168.1.99 1.3.6.1.2.1.31.1.1.1.6 IF-MIB::ifHCInOctets = No Such Instance currently exists at this OID
System:
uname -a
FreeBSD pfsense.pert 10.3-RELEASE-p3 FreeBSD 10.3-RELEASE-p3 #2 1988fec(RELENG_2_3_1): Wed May 25 14:14:46 CDT 2016 root@ce23-amd64-builder:/builder/pfsense-231/tmp/obj/builder/pfsense-231/tmp/FreeBSD-src/sys/pfSense amd64
Pfsense Fw 2.3 Eve-ng Key
I've found an old post with this subject, but no answers at all. Anyone with this problem could solve it?
Thanks!
3 comments