    Problem accessing RDP

    • H
      hacktek00 last edited by

      Hi.

      We have a pfSense box that provides load-balanced internet access to the office (2 WANs) while still giving access to the intranet (1 LAN, multiple subnets). Because of the multiple subnets (which are controlled by another firewall), I have checked the "Bypass firewall rules for traffic on the same interface" option, since traffic to/from the LAN would pass through the same LAN interface and would get blocked by the default rule. As it is, internally there's no problem, as people can access load-balanced internet while using all the services we have set up.

      The problem is external: some people have access to Remote Desktop to work from their house, but the line they use to access it is not one of the WANs connected to pfSense but rather the other firewall. So traffic should be doing this trip:

      User's House Line -> Smoothwall Firewall -> User's PC -> pfSense LAN IF (because the computers have pfSense as their gateway) -> pfSense WAN IF -> User's House Line

      pfSense is blocking access with this showing in the log:

      LAN  192.168.230.75:3389  200.122.x.x:1275  TCP:S

      I've already allowed outbound access to that particular PC as a test but it's still being blocked.

      Any clues?

      • E
        Eugene last edited by

        In your scenario, I am afraid no states are built in the firewalls, as the traffic is asymmetric and goes through NAT. The home PC will not understand that the response packet belongs to the initiated connection, as there will be a mess with TCP ports.

        Why don't you make life simpler: User's House Line -> pfSense WAN IF -> pfSense LAN IF -> User's PC -> pfSense LAN IF -> pfSense WAN IF -> User's House Line

        • H
          hacktek00 last edited by

          Yeah, that's what I eventually did since I gave up heh

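The two paths discussed in this thread, as a toy model added here for illustration (it is not code from either poster and does not reproduce pfSense's actual logic): the SYN enters through one firewall and the reply leaves through another, so the exit firewall has no state for it. The `Firewall` class, the `pass_without_state` switch, the public addresses and the NAT port are constructed assumptions; the client and PC endpoints are the ones in the log line above.

```python
"""Toy model of the two RDP paths in this thread (not pfSense's real logic)."""

CLIENT = ("200.122.x.x", 1275)            # home user, from the pfSense log line
RDP_PC = ("192.168.230.75", 3389)         # office PC, from the pfSense log line
SMOOTHWALL_PUB = ("198.51.100.10", 3389)  # constructed public address
PFSENSE_WAN = ("203.0.113.20", 3389)      # constructed public address


class Firewall:
    """Hypothetical stateful firewall with an inbound port forward."""

    def __init__(self, public):
        self.public = public
        self.states = {}  # (client, public endpoint) -> internal host

    def forward_in(self, client, internal):
        # The first packet of a connection creates the state entry.
        self.states[(client, self.public)] = internal

    def forward_out(self, internal, client, pass_without_state=False):
        # A reply that matches a state leaves with the address the client dialed.
        if self.states.get((client, self.public)) == internal:
            return self.public
        # Forced through without state, outbound NAT would pick a fresh source
        # (port 50000 is constructed), which the client never connected to.
        if pass_without_state:
            return (self.public[0], 50000)
        return None  # no state: dropped on the LAN side


def rdp_attempt(entry_fw, exit_fw, pass_without_state=False):
    """Send the SYN in through entry_fw and the reply out through exit_fw."""
    entry_fw.forward_in(CLIENT, RDP_PC)
    source = exit_fw.forward_out(RDP_PC, CLIENT, pass_without_state)
    if source is None:
        return "blocked at exit firewall"
    return "established" if source == entry_fw.public else "rejected by client"


if __name__ == "__main__":
    pf = Firewall(PFSENSE_WAN)
    print(rdp_attempt(Firewall(SMOOTHWALL_PUB), pf))        # asymmetric path
    print(rdp_attempt(Firewall(SMOOTHWALL_PUB), pf, True))  # asymmetric, forced
    print(rdp_attempt(pf, pf))                              # Eugene's path
```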