Problem accesing RDP
-
Hi.
We have a pfsense box that provides load balanced internet access to the office (2 WANS) while still giving access to the intranet (1 LAN, multiple subnets). Because of the multiple subnets (which are controlled by another firewall) i have checked the "Bypass firewall rules for traffic on the same interface" option since traffic to/from the lan would pass through the same LAN interface and would get blocked by the default rule. As it is internally there's no problem as people can access load balanced internet while using all the services we have set up.
The problem is external: some people have access to Remote Desktop to work from their house but the line they use to access is not one of the WANS connected to pfsense but rather the other firewall. So traffic should be doing this trip:
User's House Line -> Smoothwall Firewall -> User's PC -> pfSense LAN IF (because the computers have pfsense as their gateway) -> pfSense WAN IF -> User's House Line
pfSense is blocking access with this showing in the log:
LAN 192.168.230.75:3389 200.122.x.x:1275 TCP:S
I've already allowed outbound access to that particular PC as a test but it's still being blocked.
Any clues?
-
In your scenario I am afraid no states are built in Firewalls as traffic is asymmetric and goes through NAT. Home PC will not understand that response-packet belongs to initiated connection as there will be a mess with tcp ports.
Why do not you make life simplier: User's House Line -> pfSense WAN IF -> pfSense LAN IF-> User's PC -> pfSense LAN IF -> pfSense WAN IF -> User's House Line
-
Yeah, that's what i eventually did since i gave up heh