Netgate Discussion Forum

    Problem accessing RDP

      hacktek00

      Hi.

      We have a pfSense box that provides load-balanced internet access to the office (2 WANs) while still giving access to the intranet (1 LAN, multiple subnets). Because of the multiple subnets (which are controlled by another firewall), I have checked the "Bypass firewall rules for traffic on the same interface" option, since traffic to/from the LAN would pass through the same LAN interface and would get blocked by the default rule. As it is, internally there's no problem, as people can access load-balanced internet while using all the services we have set up.

      The problem is external: some people have access to Remote Desktop to work from their house, but the line they use to access it is not one of the WANs connected to pfSense but rather the other firewall. So traffic should be doing this trip:

      User's House Line -> Smoothwall Firewall -> User's PC -> pfSense LAN IF (because the computers have pfSense as their gateway) -> pfSense WAN IF -> User's House Line

      pfSense is blocking access with this showing in the log:

      LAN  192.168.230.75:3389  200.122.x.x:1275  TCP:S

      I've already allowed outbound access to that particular PC as a test but it's still being blocked.

      Any clues?

        Eugene

        In your scenario, I am afraid no states are built in the firewalls, as traffic is asymmetric and goes through NAT. The home PC will not understand that the response packet belongs to the initiated connection, as there will be a mess with TCP ports.

        Why don't you make life simpler: User's House Line -> pfSense WAN IF -> pfSense LAN IF -> User's PC -> pfSense LAN IF -> pfSense WAN IF -> User's House Line

        http://ru.doc.pfsense.org

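Added example (not part of the thread and not pfSense code): a toy Python model of the state-tracking problem described in the answer above, comparing the asymmetric path with the symmetric one. The firewall WAN addresses and the home address 203.0.113.10 are constructed placeholders, and the `stateless_nat` switch is a hypothetical used only to show the address/port mismatch.

```python
from dataclasses import dataclass, replace

PC = "192.168.230.75"          # RDP host from the post
HOME = ("203.0.113.10", 1275)  # constructed stand-in for 200.122.x.x:1275

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "S" = SYN, "SA" = SYN-ACK

class Firewall:
    """Toy stateful firewall with one WAN port forward (a model, not pfSense code)."""
    def __init__(self, wan_ip, stateless_nat=False):
        self.wan_ip = wan_ip
        self.stateless_nat = stateless_nat  # hypothetical: pass and NAT without state
        self.states = set()

    def from_wan(self, p):
        """A SYN to the forwarded port creates state and is sent on to the PC."""
        if p.flags != "S" or p.dst != self.wan_ip or p.dport != 3389:
            return None
        self.states.add((p.src, p.sport, PC, p.dport))
        return replace(p, dst=PC)

    def from_lan(self, p):
        """A reply leaves only if it belongs to a state this firewall created."""
        if (p.dst, p.dport, p.src, p.sport) in self.states:
            return replace(p, src=self.wan_ip)               # reverse the port forward
        if self.stateless_nat:
            return replace(p, src=self.wan_ip, sport=50001)  # fresh NAT mapping
        return None                                          # non-SYN, no state: block

def handshake(entry_fw, exit_fw):
    """Return (reply seen by the home PC or None, whether its TCP stack accepts it)."""
    syn = Pkt(*HOME, entry_fw.wan_ip, 3389, "S")
    at_pc = entry_fw.from_wan(syn)
    synack = Pkt(at_pc.dst, at_pc.dport, at_pc.src, at_pc.sport, "SA")
    reply = exit_fw.from_lan(synack)
    ok = reply is not None and (reply.src, reply.sport) == (syn.dst, syn.dport)
    return reply, ok

if __name__ == "__main__":
    smoothwall, pfsense = Firewall("198.51.100.1"), Firewall("198.51.100.2")
    print("asymmetric:", handshake(smoothwall, pfsense))
    print("asymmetric, stateless NAT:", handshake(smoothwall, Firewall("198.51.100.2", True)))
    print("symmetric via pfSense:", handshake(pfsense, pfsense))
```

Only the symmetric path completes: the firewall that saw the SYN is the one that sees the SYN-ACK, so the reply matches a state and leaves from the address and port the home PC connected to.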
          hacktek00

          Yeah, that's what I eventually did since I gave up, heh.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.