New pfsense setup (RDP)



  • Hello

    I have installed pfsense on our home network, just want to try things out.

    So the setup is my main modem to the pfsense, then to a switch, to the devices.
    The pfsense has a static IP address (assigned by the modem) of 192.168.1.15 (WAN side of pfsense),
    then the pfsense local IP is 192.168.100.1, DHCP starts on 192.168.100.5 to 192.168.100.200.

    I have a server which is connected to the switch with an ip address assigned by the pfsense dhcp.
    (as of now the file server is on 192.168.100.5)

    I cannot RDP into it nor ping any devices that are on the LAN.

    My firewall rules are all default (scratch from the fresh install). My computer is on the same LAN as well as the other devices. Oh, the only thing I changed is from AUTO NAT to Manual NAT.

    I think this can be configured through the firewall and port forwarding? I know this would be easy for you guys, just a newbie here.

    RDP was working fine before the pfsense, so I'm missing something.

    Thanks in advance.



  • PF has nothing to do with (and no way to control) access to your RDP host from your PC.
    You have some switch issue, or the rdp host has a firewall which blocks everything.
    Research the issue elsewhere. Even if pf was switched off or disconnected, it would still make no difference.



  • Hello

    As I told you before, the RDP connection was fine before pfsense was installed. I can use RDP through the LAN, same setup, just remove the pfsense. The Windows server has the firewall turned off, I haven't even touched that.



  • I insist, look elsewhere.
    To begin with, having a server being assigned ip address via dhcp is usually a bad idea, unless there are reasons for that.
    Pf is at the network edge
    Your pc and server are on the same lan
    Your pc locates the ip of the server via arp and lan switch does the rest
    Pf has no idea on that whatsoever.
    Put a static ip on the server
    Make sure the firewall is off and reboot
    This is Windows, rebooting is needed by design 🐷



  • @netblues Okay, Will do that and check.
    One thing that concerns me is that I also have an AP with a static IP address.. I can't even access that nor ping it through my PC.



  • Recheck IP addresses, subnets
    Use static for your pc and server and see if it works.
    And post dhcp configuration from pf





  • Well, I don't see the gateway option, but still, even if it was wrong/missing you would have no internet, but RDP would work.
    In any case, dhcp is ok for what you are experiencing.
    The culprit is elsewhere.



  • @netblues
    I did not assign a gateway to the lan as it said there, maybe I was wrong, should I add it?



  • Not that gateway. The dhcp assigned gw to the clients
    You must NOT assign a gateway on your lan interface whatsoever.
    But solve the rdp issue. It is not pf related



  • Have you rebooted the switch? That would be the only other thing besides your client machines that could be causing your issue.



  • Do you have port forwarding set up? I had to forward port 80 and 443 to my Windows server to use Remote Desktop and Anywhere access.



  • You do NOT want RDP from public internet forwarded to your server.
    https://forum.netgate.com/topic/143948/more-details-about-bluekeep-the-microsoft-rdp-vulnerability

    Microsoft has finally acknowledged flaws in the RDP implementation and NSA is begging admins to at least install all current patches.
    The question is not if your server gets owned but when (hours or days).

    Only way to play RDP safely is by a VPN to your pfSense.



  • @benman said in New pfsense setup (RDP):

    Do you have port forwarding set up? I had to forward port 80 and 443 to my Windows server to use Remote Desktop and Anywhere access.

    Gentlemen.. WHAT are you TALKING about?
    This is a same subnet connectivity issue.
    Why on earth would anyone need to port forward, and more specifically 80 and 443 for rdp in any scenario?


  • LAYER 8 Moderator

    @netblues said in New pfsense setup (RDP):

    @benman said in New pfsense setup (RDP):

    Do you have port forwarding set up? I had to forward port 80 and 443 to my Windows server to use Remote Desktop and Anywhere access.

    Gentlemen.. WHAT are you TALKING about?
    This is a same subnet connectivity issue.
    Why on earth would anyone need to port forward, and more specifically 80 and 443 for rdp in any scenario?

    I was asking that myself. Also I'm worried about

    @iAsk said in New pfsense setup (RDP):

    One thing that concerns me is that I also have an AP with a static IP address.. I can't even access that nor ping it through my PC.

    as that sounds pretty much like a LAN side issue to me. Switch+AP+Server+Client - IF they are in the same network 192.168.100.x like above - should have no problem seeing each other. Otherwise that's a switch/IP problem on that network. Nothing to do with pfSense so far but with networking/cabling problems AFAIR.



  • I was referring to the fact that it worked before dropping in a router. Connecting host to host on the same broadcast domain must work, that traffic never reaches the router.

    Two possible scenarios:

    • access through the router
    • layer8 problem and setup is messed up.

    Maybe I interpreted too much in user's abilities.

    @iAsk: can you post a schematic of your network layout, please. That would take the guesswork out.
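
The replies above argue that hosts in the same subnet reach each other by ARP through the switch, so that traffic never reaches pfSense. The following is an added example, not code from any poster in this thread, that applies the same on-link test a host's IP stack makes; the PC and AP addresses are constructed for illustration (the thread never states them), and only 192.168.100.5 and 192.168.100.1 come from the first post.

```python
import ipaddress

LAN = "192.168.100.0/24"  # pfSense LAN subnet from the first post

# name -> (address/prefix, default gateway). Only the server address and the
# pfSense LAN address come from the thread; PC and AP values are constructed.
HOSTS = {
    "pc":     ("192.168.100.6/24", "192.168.100.1"),
    "server": ("192.168.100.5/24", "192.168.100.1"),
    "ap":     ("192.168.1.20/24",  "192.168.1.1"),  # hypothetical stale static IP
}

def next_hop(src_if, gateway, dst):
    """Decide how a host with address src_if would send a packet to dst."""
    iface = ipaddress.ip_interface(src_if)
    if ipaddress.ip_address(dst) in iface.network:
        return "on-link"      # resolved by ARP, switched at layer 2, router not involved
    if gateway and ipaddress.ip_address(gateway) in iface.network:
        return "via-gateway"  # frame is addressed to the router's MAC
    return "unreachable"      # off-subnet destination and no usable gateway

def path(a, b, hosts=HOSTS):
    """Forward and return decisions for a <-> b; both must be on-link to bypass the router."""
    (a_if, a_gw), (b_if, b_gw) = hosts[a], hosts[b]
    a_ip = str(ipaddress.ip_interface(a_if).ip)
    b_ip = str(ipaddress.ip_interface(b_if).ip)
    return next_hop(a_if, a_gw, b_ip), next_hop(b_if, b_gw, a_ip)

def audit(hosts=HOSTS, lan=LAN):
    """Names of hosts whose configured address is outside the LAN subnet."""
    net = ipaddress.ip_network(lan)
    return [name for name, (addr, _gw) in hosts.items()
            if ipaddress.ip_interface(addr).ip not in net]

if __name__ == "__main__":
    for a, b in [("pc", "server"), ("pc", "ap")]:
        print(f"{a} <-> {b}: {path(a, b)}")
    print("outside LAN subnet:", audit())
```

A pair that reports on-link in both directions is never seen by the firewall, so its rules and NAT mode cannot affect it. A device on the same switch that reports via-gateway has an address or mask that does not match the LAN, which is the "recheck IP addresses, subnets" case raised earlier in the thread.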



  • @JeGr Apologies, I was half asleep when I was replying to this, I was thinking about anywhere access and getting all the Remote Desktop settings from the Server Website.


  • LAYER 8 Moderator

    @benman No offense taken - just curious :)

