RDP from Red to a machine in Green with whitelisting of MAC

I need to allow a few clients (by MAC address) to RDP from Red to a few VMs in Green. Here is what

  1. Create Host Firewall Group called WindowsVMRDP, which includes MAC addresses for my laptop’s ethernet and wireless interfaces plus my wireless router’s MAC address.

  2. Add the Host group as the source for the existing external RDP firewall rule.

But as long as the Host group is set as the source, I could not make the RDP connection.

Please advise what I may have missed. Thanks!

Bo

Are the devices in the WindowsVMRDP group somewhere in the WAN?
Then you cannot define them by their MAC address. MAC addresses are valid as identification only inside the local network they belong to.
Packets from them arriving at the RED interface of IPFire contain the MAC of the last router on the way (usually the gateway).
The devices can be identified by IP.

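The point Bernhard makes, as an added worked example that is not part of the thread and not IPFire code: a small hop-by-hop model of how the Ethernet header is rewritten at every router while the IP header survives, and what a source-MAC rule versus a source-IP rule on RED therefore sees. All MAC addresses, the 192.168.1.50 laptop address, the 203.0.113.10 public address and the 198.51.100.20 RED address are constructed sample values, and the path is simplified to a home router and one upstream gateway (a real path has more hops, which only strengthens the result).

```python
"""Added example (not from the IPFire thread): why a source-MAC whitelist on
RED cannot identify a laptop on the WAN.

Each router strips the incoming Ethernet header and writes a fresh one for
its outgoing segment; the IP source address survives plain routing (and is
rewritten once by a NAT router).  A rule on RED therefore matches the MAC
of the upstream gateway, never the laptop's or the home router's WAN MAC.
All addresses are constructed sample values.
"""
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Frame:
    src_mac: str   # layer 2: rewritten on every hop
    dst_mac: str
    src_ip: str    # layer 3: preserved by routing, rewritten only by NAT
    dst_ip: str


@dataclass(frozen=True)
class Router:
    name: str
    in_mac: str                  # interface facing the previous segment
    out_mac: str                 # interface facing the next segment
    nat_ip: Optional[str] = None  # set when the router masquerades (home NAT router)


def forward(frame: Frame, router: Router, next_hop_mac: str) -> Frame:
    """Route one frame through one router: new Ethernet header, same IP payload."""
    if frame.dst_mac != router.in_mac:
        raise ValueError(f"{router.name} is not the layer-2 destination of this frame")
    src_ip = router.nat_ip if router.nat_ip else frame.src_ip
    return replace(frame, src_mac=router.out_mac, dst_mac=next_hop_mac, src_ip=src_ip)


def route(frame: Frame, hops: list) -> Frame:
    """hops: list of (Router, next_hop_mac); returns the frame as it reaches the last segment."""
    for router, next_hop_mac in hops:
        frame = forward(frame, router, next_hop_mac)
    return frame


def rule_matches(frame: Frame, mac_sources=frozenset(), ip_sources=frozenset()) -> bool:
    """Model of a firewall rule whose source is a host group of MACs and/or IPs."""
    return frame.src_mac in mac_sources or frame.src_ip in ip_sources


# Constructed sample topology: laptop -> home router (NAT) -> ISP gateway -> IPFire RED
LAPTOP_MAC = "aa:bb:cc:00:00:01"
HOME_ROUTER = Router("home router", in_mac="aa:bb:cc:00:00:02",
                     out_mac="aa:bb:cc:00:00:03", nat_ip="203.0.113.10")
ISP_GATEWAY = Router("ISP gateway", in_mac="aa:bb:cc:00:00:04",
                     out_mac="aa:bb:cc:00:00:05")
IPFIRE_RED_MAC = "aa:bb:cc:00:00:06"
IPFIRE_RED_IP = "198.51.100.20"


def frame_at_red() -> Frame:
    """The laptop's RDP SYN as it arrives on the RED interface."""
    start = Frame(LAPTOP_MAC, HOME_ROUTER.in_mac, "192.168.1.50", IPFIRE_RED_IP)
    return route(start, [(HOME_ROUTER, ISP_GATEWAY.in_mac),
                         (ISP_GATEWAY, IPFIRE_RED_MAC)])


def mac_group_rule_accepts() -> bool:
    """Host group of the laptop's MAC plus the home router's WAN MAC, as in the post."""
    return rule_matches(frame_at_red(),
                        mac_sources=frozenset({LAPTOP_MAC, HOME_ROUTER.out_mac}))


def ip_rule_accepts() -> bool:
    """Host group holding the public (post-NAT) address instead."""
    return rule_matches(frame_at_red(), ip_sources=frozenset({HOME_ROUTER.nat_ip}))


if __name__ == "__main__":
    f = frame_at_red()
    print(f"source MAC seen on RED: {f.src_mac} (ISP gateway), source IP: {f.src_ip}")
    print(f"MAC group rule accepts: {mac_group_rule_accepts()}")
    print(f"IP rule accepts:        {ip_rule_accepts()}")
```

Running it shows the frame on RED carrying the ISP gateway's MAC and the home router's public IP, so the MAC-based host group never matches even with the home router's MAC in it, while the IP-based group does; that public IP is what would have to be whitelisted, which is exactly the moving target a roaming laptop makes hard.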

That makes sense. Thank you, Bernhard! I was trying to avoid whitelisting IPs as the laptops move around.

But I did add the router’s MAC address, and that did not work either. Do you know why?

Or the safer way is to set up VPN road warrior tunnels for them.

From CU195 the VPN tunnels can be IPSec, OpenVPN or WireGuard.

That way you can cryptographically authenticate the user and also cryptographically encrypt the communication channel itself.


I am in China, OpenVPN or Wireguard are blocked…

Then check IPSec, as @bonnietwin mentioned. My brief research has shown that it should work.