New install, RDP Ping rules not working

longc

@viragomann do you mean in the NAT port forward rule "destination" should be the ip of the pfsense WAN interface?

viragomann

@longc
That IP you want to forward. Could be the WAN interface address or a virtual IP, but it must be a unique IP.

longc

@viragomann like this?

viragomann

@longc
Yes, the destination IP is ok, but consider that RDP also use UDP. So you to edit the rule and change it to TCP/UCP.

When you want to forward pings you have to select ICMP there.

longc

@viragomann still not working:(

If i go to the Diagnostics > TestPort in pfsense and run the test to the dst ip/port it is successful but only if i select "any" or "LAN" as the source address. If i select "WAN" it fails.

Gertjan

@longc

You testing is wrong.
Your RDP device isn't on the WAN network.
It might work with something that is called NAT reflection, that is ugly.
Change the source address to "any" and the test will work. If it still fails, your 10.10.10.5 does't have RDP active or accessible.

To test a NAT rule, go to some device situated some where on the Internet, and test use the IP of your WAN - and port 3389.
Most often 'mstsc' will do.

Btw : Microsoft didn't drop you a note that you should never (like never ever) expose an RDP device on the internet ?
RDP can be used from everywhere, but : over a VPN.

longc

@gertjan i think you should probably read my op properly.

viragomann

@longc
Possibly the destination devices blocks connections from outside of its subnet?
However, if so, it should also not work, when pf filtering is disabled.

To investigate, run a packet capture on port 3389 on the LAN interface, while you try to connect to RDP.

longc

@viragomann rdp from a vm on the local network works fine and as you say when i have the pf disabled it works. See screenshot of packet capture on port 3389 below.

viragomann

@longc
I didn't see your WAN rules, but the only thing I can think of is it is blocked by the "block private network" rule.

longc

@viragomann have checked that also.

longc

@viragomann so this is working now but I am not entirely sure how . I kind of stumbled on the "fix".
I have a Google nest for home wifi with multiple ap's around the house. This nest router has its own DHCP service on the 192.168.86.0/24 network. Anyway if I put my test device on this network everything works as expected with pfsense. I don't know is it because it is a different network to the wan interface of the pfsense.