Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Puzzled: Sometimes connecting to RDP behind firewall is fine, sometimes not

    Scheduled Pinned Locked Moved
    Firewalling
    1
    1
    1.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      GoldServe
      last edited by

      On some days, I can connect to RDP behind the firewall and some days (without dong anything to the firewall), i can not. I have captured a weird TCPDUMP sequence and was wondering if someone could see what is wrong. Thanks in advance.

      tcpdump -i ath0 port 3389

      tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
      listening on ath0, link-type EN10MB (Ethernet), capture size 96 bytes
      09:13:03.313629 IP MASKED.SERVER.16479 > tge.local.3389: S 2501540767:2501540767(0) win 65535 <mss 1460,nop,nop,sackok="">09:13:03.314119 IP tge.local.3389 > MASKED.SERVER.16479: S 3063361002:3063361002(0) ack 2501540768 win 65535 <mss 1460,nop,nop,sackok="">09:13:03.328974 IP MASKED.SERVER.16479 > tge.local.3389: . ack 1 win 65535
      09:13:03.332558 IP MASKED.SERVER.16479 > tge.local.3389: P 1:20(19) ack 1 win 65535
      09:13:03.488434 IP tge.local.3389 > MASKED.SERVER.16479: . ack 20 win 65516
      09:13:03.526894 IP tge.local.3389 > MASKED.SERVER.16479: P 1:12(11) ack 20 win 65516
      09:13:03.543213 IP MASKED.SERVER.16479 > tge.local.3389: F 20:20(0) ack 12 win 65524
      09:13:03.543676 IP tge.local.3389 > MASKED.SERVER.16479: . ack 21 win 65516
      09:13:03.543874 IP tge.local.3389 > MASKED.SERVER.16479: R 12:12(0) ack 21 win 0
      09:13:03.574288 IP MASKED.SERVER.16501 > tge.local.3389: S 1841222765:1841222765(0) win 65535 <mss 1460,nop,nop,sackok="">09:13:03.574788 IP tge.local.3389 > MASKED.SERVER.16501: S 2437382849:2437382849(0) ack 1841222766 win 65535 <mss 1460,nop,nop,sackok="">09:13:03.589518 IP MASKED.SERVER.16501 > tge.local.3389: . ack 1 win 65535
      09:13:03.593115 IP MASKED.SERVER.16501 > tge.local.3389: P 1:20(19) ack 1 win 65535
      09:13:03.786200 IP tge.local.3389 > MASKED.SERVER.16501: P 1:12(11) ack 20 win 65516
      09:13:03.805520 IP MASKED.SERVER.16501 > tge.local.3389: P 20:448(428) ack 12 win 65524
      09:13:03.806539 IP tge.local.3389 > MASKED.SERVER.16501: P 12:345(333) ack 448 win 65088
      09:13:03.822744 IP MASKED.SERVER.16501 > tge.local.3389: P 448:460(12) ack 345 win 65191
      09:13:03.991553 IP tge.local.3389 > MASKED.SERVER.16501: . ack 460 win 65076
      09:13:04.007995 IP MASKED.SERVER.16501 > tge.local.3389: P 460:468(8) ack 345 win 65191
      09:13:04.008508 IP tge.local.3389 > MASKED.SERVER.16501: P 345:356(11) ack 468 win 65068
      09:13:04.024662 IP MASKED.SERVER.16501 > tge.local.3389: P 468:480(12) ack 356 win 65180
      09:13:04.025110 IP tge.local.3389 > MASKED.SERVER.16501: P 356:371(15) ack 480 win 65056
      09:13:04.040297 IP MASKED.SERVER.16501 > tge.local.3389: P 480:492(12) ack 371 win 65165
      09:13:04.040747 IP tge.local.3389 > MASKED.SERVER.16501: P 371:386(15) ack 492 win 65044
      09:13:04.056487 IP MASKED.SERVER.16501 > tge.local.3389: P 492:504(12) ack 386 win 65150
      09:13:04.056925 IP tge.local.3389 > MASKED.SERVER.16501: P 386:401(15) ack 504 win 65032
      09:13:04.071988 IP MASKED.SERVER.16501 > tge.local.3389: P 504:516(12) ack 401 win 65135
      09:13:04.072420 IP tge.local.3389 > MASKED.SERVER.16501: P 401:416(15) ack 516 win 65020
      09:13:04.088142 IP MASKED.SERVER.16501 > tge.local.3389: P 516:528(12) ack 416 win 65120
      09:13:04.088567 IP tge.local.3389 > MASKED.SERVER.16501: P 416:431(15) ack 528 win 65008
      09:13:04.107273 IP MASKED.SERVER.16501 > tge.local.3389: P 528:540(12) ack 431 win 65105
      09:13:04.107714 IP tge.local.3389 > MASKED.SERVER.16501: P 431:446(15) ack 540 win 64996
      09:13:04.239576 IP MASKED.SERVER.16501 > tge.local.3389: . ack 446 win 65090
      09:13:04.298451 IP MASKED.SERVER.16501 > tge.local.3389: P 540:634(94) ack 446 win 65090
      09:13:04.494632 IP tge.local.3389 > MASKED.SERVER.16501: . ack 634 win 64902
      09:13:04.509572 IP MASKED.SERVER.16501 > tge.local.3389: P 634:997(363) ack 446 win 65090
      09:13:04.510512 IP tge.local.3389 > MASKED.SERVER.16501: P 446:480(34) ack 997 win 64539
      09:13:04.518484 IP tge.local.3389 > MASKED.SERVER.16501: P 480:807(327) ack 997 win 64539
      09:13:04.534031 IP MASKED.SERVER.16501 > tge.local.3389: . ack 807 win 64729
      09:13:04.767079 IP MASKED.SERVER.16501 > tge.local.3389: P 997:1524(527) ack 807 win 64729
      09:13:04.767105 IP MASKED.SERVER.16501 > tge.local.3389: P 1524:2984(1460) ack 807 win 64729
      09:13:04.767118 IP MASKED.SERVER.16501 > tge.local.3389: P 2984:3097(113) ack 807 win 64729
      09:13:04.767133 IP MASKED.SERVER.16501 > tge.local.3389: P 3097:4557(1460) ack 807 win 64729
      09:13:04.767156 IP MASKED.SERVER.16501 > tge.local.3389: P 4557:5939(1382) ack 807 win 64729
      09:13:04.768560 IP tge.local.3389 > MASKED.SERVER.16501: . ack 3097 win 63962
      09:13:04.768761 IP tge.local.3389 > MASKED.SERVER.16501: . ack 5939 win 61120
      09:13:04.768884 IP tge.local.3389 > MASKED.SERVER.16501: P 807:855(48) ack 1524 win 65535
      09:13:04.769215 IP tge.local.3389 > MASKED.SERVER.16501: P 855:907(52) ack 5939 win 61120
      09:13:04.769474 IP tge.local.3389 > MASKED.SERVER.16501: P 907:959(52) ack 5939 win 61120
      09:13:04.769706 IP tge.local.3389 > MASKED.SERVER.16501: . ack 5939 win 62710
      09:13:04.769824 IP tge.local.3389 > MASKED.SERVER.16501: . ack 5939 win 64300
      09:13:04.792037 IP MASKED.SERVER.16501 > tge.local.3389: . ack 959 win 64577
      09:13:28.016193 IP MASKED.SERVER.16501 > tge.local.3389: F 5939:5939(0) ack 959 win 64577
      09:13:28.016709 IP tge.local.3389 > MASKED.SERVER.16501: . ack 5940 win 64300
      09:13:28.016931 IP tge.local.3389 > MASKED.SERVER.16501: R 959:959(0) ack 5940 win 0</mss></mss></mss></mss>

      1 Reply Last reply Reply Quote 0
      • First post
        Last post