Netgate Discussion Forum

    Internal RDP Rule

    Firewalling

    Commander:

      Hello,

      I'm looking for some help with setting up a firewall rule.

      I'm trying to harden my security, and am looking at configuring a rule that allows RDP access from my LAN to another internal IOT VLAN. I would basically like my IOT VLAN to not have access to any of the other VLANs on my home network. So, I'd like to be able to RDP from Computer 1 on my LAN to any virtual machine I have set up on my IOT VLAN. I would like the IOT VLAN accessible from any device/IP on my LAN network via RDP. Once I am RDP'd in, I can do whatever I need to from that VM.

      I attempted to set up a rule (Firewall => Rules => IOT VLAN) that basically does the following:

      Protocol | Source | Port | Destination | Port | Gateway | Queue
      TCP      | any    | any  | IOT VLAN    | 3389 | any     | none

      This does not seem to have done the trick, and I'm not really sure where to go from here.

      All other topics I've tried searching on point to people wanting to allow RDP access from an external source to their network, and I haven't been able to find anything that covers allowing RDP access across VLANs internally.

      Any help here would be appreciated, not sure if I'm just missing something simple, or if I need to add another rule somewhere else.

      Thanks for your time!

      johnpoz (LAYER 8 Global Moderator):

        Out of the box, the default any-any rules would allow you to access anything on any of your other VLANs. Be it RDP, NTP, SSH, SMB, anything.

        The rules on your other VLAN are meaningless if your LAN is creating the traffic, since return traffic would be allowed by the state.

        If you cannot access your VLAN from the default LAN rules of any-any, then you have some firewall on your destination box, it doesn't have a gateway, or it points to a different gateway.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07 | Lab VMs 2.8, 25.07

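The point johnpoz makes above, as an added example that is not from the thread or from pfSense itself: a small Python model of pf-style stateful filtering. Rules are matched on the interface a packet enters, a reply to an established state never consults the rules at all, so the LAN any-any rule alone carries the RDP session, and a block rule on the IOT tab still stops IOT-originated connections to the LAN. The subnets and addresses are constructed assumptions.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Constructed example subnets; the thread names no addresses.
NETS = {"LAN": ip_network("192.168.1.0/24"), "IOT": ip_network("192.168.20.0/24")}

# iface = interface the packet ENTERS on (pf evaluates rules on ingress);
# src/dst = "any" or a key of NETS; dport = None means any destination port.
Rule = namedtuple("Rule", "iface action proto src dst dport")

def iface_of(ip):
    return next(name for name, net in NETS.items() if ip_address(ip) in net)

def matches(r, src, dst, proto, dport):
    if r.proto != "any" and r.proto != proto: return False
    if r.src != "any" and ip_address(src) not in NETS[r.src]: return False
    if r.dst != "any" and ip_address(dst) not in NETS[r.dst]: return False
    return r.dport is None or r.dport == dport

class StatefulFirewall:
    def __init__(self, rules):
        self.rules, self.states = rules, set()

    def filter(self, src, sport, dst, dport, proto="tcp"):
        # A reply to an established state is passed without consulting the rules.
        if (dst, dport, src, sport, proto) in self.states:
            return "pass (state)"
        iface = iface_of(src)
        for r in self.rules:   # first match wins, like pf "quick" rules
            if r.iface == iface and matches(r, src, dst, proto, dport):
                if r.action == "pass":
                    self.states.add((src, sport, dst, dport, proto))
                return r.action
        return "block"         # implicit default deny

RULES = [
    Rule("LAN", "pass", "any", "LAN", "any", None),   # stock LAN "any to any"
    Rule("IOT", "pass", "tcp", "any", "IOT", 3389),   # the poster's rule on the IOT tab
    Rule("IOT", "block", "any", "IOT", "LAN", None),  # IOT must not reach the LAN
]

def demo(rules=RULES):
    fw = StatefulFirewall(rules)
    return {
        "lan_to_iot_rdp": fw.filter("192.168.1.10", 50000, "192.168.20.5", 3389),
        "rdp_reply":      fw.filter("192.168.20.5", 3389, "192.168.1.10", 50000),
        "iot_to_lan_rdp": fw.filter("192.168.20.5", 50001, "192.168.1.10", 3389),
    }
```

Dropping the poster's IOT-tab rule from RULES leaves every result unchanged, which is why it "did not do the trick": it only ever sees packets entering on the IOT interface.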
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.