On Fri, Mar 28, 2014 at 9:54 AM, greg whynott <[email protected]> wrote:
> thanks for all the suggestions folks! While very nitchy and sure not to be
> a wildly popular function, it would be nice to see, "policy-routing/nating"
> based on matching an ACL which can make decisions based on data from the
> higher layers.

It's not that simple. What you have to do in the back end for something along those lines is ugly: you have to terminate the connection on the firewall, then have a proxy of some sort make the connection to the back end. Not bad for web servers; web reverse proxies have been common for quite some time, but for something like RDP it's ugly. In the described circumstance, it's impossible to know the hostname until well past the TCP session being established, so it's impossible to just port forward the TCP connection to the appropriate back end server. For something like this, Microsoft's remote desktop gateway is the best bet under the constraints noted here.
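The web reverse proxy case from the reply above, as an added example that is not part of the original message: the backend can only be chosen after the connection has been accepted and the request head read, and those bytes must then be replayed to the backend. The hostnames, backend addresses and function names are assumptions made for the illustration, and a socket pair stands in for an accepted TCP connection.

```python
import socket

# Constructed routing table (placeholder hostnames and addresses).
BACKENDS = {
    "app1.example.com": ("192.0.2.10", 8080),
    "app2.example.com": ("192.0.2.20", 8080),
}
MAX_HEAD = 8192  # refuse to buffer an unbounded request head


def host_from_request_head(head: bytes):
    """Return the lower-cased Host header value without port, or None."""
    for line in head.split(b"\r\n")[1:]:   # skip the request line
        if not line:                       # blank line ends the headers
            break
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace").lower()
            if not host.startswith("["):   # leave IPv6 literals untouched
                host = host.partition(":")[0]
            return host
    return None


def read_head(conn):
    """Read from an accepted connection until the header block is complete."""
    buf = b""
    while b"\r\n\r\n" not in buf and len(buf) < MAX_HEAD:
        chunk = conn.recv(1024)
        if not chunk:                      # peer closed before finishing
            break
        buf += chunk
    return buf


def choose_backend(conn):
    """Return (backend or None, bytes already consumed that must be replayed)."""
    head = read_head(conn)
    if b"\r\n\r\n" not in head:            # a partial header is not trusted
        return None, head
    return BACKENDS.get(host_from_request_head(head)), head


def demo(request: bytes):
    """Run choose_backend against a constructed client request."""
    client, accepted = socket.socketpair()
    try:
        client.sendall(request)
        client.shutdown(socket.SHUT_WR)
        return choose_backend(accepted)
    finally:
        client.close()
        accepted.close()
```

With zero bytes read, which is all a plain port forward has at connection setup, `host_from_request_head` has nothing to match on and returns `None`.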
