Firewall blocks RDP connection



  • Hello to all,

    I have been working since this morning on a problem with my RDP connection from remote (the RDP port is 1234).
    I have already searched a lot about this topic and read the documentation, but it does not solve my situation.
    In general I have a NAT port forward, but the issue is already with the firewall, which is why I am posting the topic here.

    My pfSense is behind a router and has the WAN IP 192.168.0.2.
    My phone, which is now also connected to the router for testing, has the IP 192.168.0.3.
    I connected it to the router so that I can test the firewall port forwarding from the WAN side and exclude problems with the router's forwarding.

    In the firewall log I get the following information:
    (Red X) Jan 15 03:39:24 WAN 192.168.0.3:41762 192.168.0.2:1234 TCP:S

    When I go to the red X I get the message "block/12000".
    I assume that is the first rule under Firewall, which blocks everything that is not opened manually.

    But under "Normal View" in the firewall log I clicked on the + to add the "Easy Rule" to the firewall, and I moved this new rule to the TOP. But even with this rule created manually directly from the firewall log I get the same red X blocking my traffic.

    I don't know what else to do.

    I would be very grateful for any support in troubleshooting my issue.

    Greetings, Alex



  • https://www.netgate.com/docs/pfsense/nat/port-forward-troubleshooting.html contains everything you need to do to find the problem.

    Edit: Also, don't be so stupid as to open RDP to the Internet. Use a VPN for remote access; that's what it is made for.





  • @grimson That's exactly the site where I found how to activate logging and how to see that it has a red X.
    I did the steps but it did not solve my issue.



  • @schalex said in Firewall blocks RDP connection:

    @grimson That's exactly the site where I found how to activate logging and how to see that it has a red X.
    I did the steps but it did not solve my issue.

    That site contains much more advice; work through it all. Read the pfSense book and use Google if you fail to understand parts (or all) of it.

    https://www.netgate.com/docs/pfsense/book/



  • @grimson So in general, do you have an idea about what the solution could be, or do you just want to let me learn how to solve the issue myself?
    If you have an idea I would be happy to discuss it. If you want to educate me and have no clue how to help, then I would be happy if you just stop writing in this thread!



  • Sure I know where the problem is: it's PEBCAK. And the solution is for you to gain the knowledge to actually understand what you are doing. So use the resources available and start working.



  • RDP using port 1234?

    I'm impressed. That was the port I used to access a Windows server from the outside. I thought it was original.
    Back then, I created this NAT rule:

    [screenshot: the NAT rule]

    [screenshot: the NAT rule, continued]

    Btw: the alias PowerEdge stands for 192.168.1.4, a Windows server on my LAN.
    The related firewall rule under the WAN interface was created automatically.

    With this NAT rule I can connect from pfSense's WAN interface (from somewhere on the Internet, actually) to my Windows server.

    (Well, the truth is, I have an ISP router in front of my router, so I had to "NAT" on that one also: TCP port 1234 incoming to the pfSense WAN IP, port 1234. But that's non-crucial information.)

    NAT was fun for the last two decades, but it died for me when I discovered IPv6 and OpenVPN...



  • @schalex
    Rule 12000 is blocking private networks:

    [screenshot: the rule 12000 entry in the firewall log]

    [screenshot: the block private networks rule]

    You must remove this rule from the WAN interface (Interfaces / WAN):

    [screenshot: the WAN interface settings]



  • @konstanti You are great. Thank you very much for this great feedback.
    I was really frustrated after @Grimson's advice, so I switched from pfSense back to my old OpenWRT router.
    I needed a fast solution because my employees could not work for one day already because of this situation.
    I decided that my skills are not good enough for such sophisticated software, and I have to say that in OpenWRT it took me maybe 1 hour to configure everything and it is just working perfectly :-)
    Therefore I think it was the best solution for me.

    But @Konstanti and @Gertjan, thank you so much for your great support. That is exactly what I hoped for.



  • @schalex If your problem is urgent and your business relies on it, I might suggest getting support from Netgate. You would have been up and running in under an hour.



  • Hmmm. This was a puzzle in a puzzle.
    I didn't understand the answer of @Konstanti.
    Then I focused on "12000", a rule number that exists for all of us, under 'special' conditions.

    @schalex said in Firewall blocks RDP connection:

    When i go on the Red X i get the message "block/12000".

    @Schalex: asking the WAN to block local IP addresses (192.168.1.x and family) when you have a router (the ISP router) in front of a router (pfSense) will kill (99.9999999 %) of all incoming NAT connections (because they will be 'local').

    @Konstanti ✌
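    As an added example (not code from any poster in this thread or from pfSense itself), the small Python script below applies the diagnosis above to firewall log lines in the "Normal View" shape quoted earlier: it parses a line and, when the block is on WAN and the source address falls in a private range, reports that the WAN "Block private networks" option is the likely match rather than the port-forward rule. The sample log lines are constructed, and the exact set of ranges the option covers is an assumption (RFC 1918, RFC 4193 and loopback here; it varies by pfSense version).

```python
import ipaddress
import re

# Address ranges that the WAN option "Block private networks and loopback
# addresses" is assumed to drop (RFC 1918, RFC 4193 and loopback). The exact
# set is version dependent; this list is an assumption, not taken from pfSense.
PRIVATE_BLOCK_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "fc00::/7", "::1/128",
)]

# Shape of a "Normal View" firewall log line as quoted in the thread:
#   Jan 15 03:39:24 WAN 192.168.0.3:41762 192.168.0.2:1234 TCP:S
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<iface>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>\S+)$"
)


def split_endpoint(token):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = token.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)


def parse_log_line(line):
    """Parse one log line into a dict; raises ValueError on unknown shapes."""
    m = LOG_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised log line: {line!r}")
    src, sport = split_endpoint(m["src"])
    dst, dport = split_endpoint(m["dst"])
    return {"ts": m["ts"], "iface": m["iface"], "src": src, "sport": sport,
            "dst": dst, "dport": dport, "proto": m["proto"]}


def hits_private_block(ip):
    """True if the address falls in the assumed private/loopback block list."""
    if isinstance(ip, str):
        ip = ipaddress.ip_address(ip)
    # A v4 address is never "in" a v6 network, so mixed lists are safe here.
    return any(ip in net for net in PRIVATE_BLOCK_RANGES)


def diagnose(line, wan_iface="WAN"):
    """Classify a blocked connection from the log.

    PRIVATE_SOURCE_BLOCKED: blocked on WAN with a private source, i.e. the
        "Block private networks" option matched before any port forward could.
        This is what happens when pfSense sits behind another NAT router and
        the test client is on that router's LAN, as in the thread.
    CHECK_PORT_FORWARD: blocked on WAN from a public source, so the port
        forward and its associated WAN pass rule are the things to inspect.
    NOT_WAN: the block happened on another interface.
    """
    ev = parse_log_line(line)
    if ev["iface"] != wan_iface:
        return "NOT_WAN"
    if hits_private_block(ev["src"]):
        return "PRIVATE_SOURCE_BLOCKED"
    return "CHECK_PORT_FORWARD"


if __name__ == "__main__":
    # Constructed sample lines; the first mirrors the one quoted in the thread.
    sample_log = [
        "Jan 15 03:39:24 WAN 192.168.0.3:41762 192.168.0.2:1234 TCP:S",
        "Jan 15 03:40:01 WAN 203.0.113.7:51000 192.168.0.2:1234 TCP:S",
        "Jan 15 03:41:10 LAN 192.168.1.50:40000 10.0.0.1:22 TCP:S",
    ]
    for entry in sample_log:
        print(f"{diagnose(entry):<24} {entry}")
```

    Run as-is it prints a verdict per sample line; point it at lines copied from your own log to see whether a WAN block comes from a private source before you start rearranging port-forward rules.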

