How to block RDP access in 1:1 NAT setup
-
johnpoz said in How to block RDP access in 1:1 NAT setup:
if you only need http and https, just forward those
Or at least block all the other ports on the 1:1 NAT, because otherwise you're opening up file sharing, RPC, whatever else is listening on Windows on a LAN. Probably easiest to add a rule to allow HTTP/HTTPS and block the rest.
-
@teamits Yes, however "1:1 NAT maps all the external ports on that IP to the internal IP but you must still have firewall rules to allow the traffic to reach the local server."
https://forum.netgate.com/topic/75917/1-1-nat-vs-port-forwarding-when-to-use-each/3
-
Hello!
Port 6665 for remote access to your network seems odd, not because IRC is odd, but because that port has been so badly abused.
https://www.speedguide.net/port.php?port=6665
You might want to pick a "safer" port, unless that is not your intent...
John
-
@serbus Thank you, very good point!
-
Security through obscurity is not security... Opening up RDP to the public internet no matter what port is a BAD idea!!! If you want to RDP to this box, then VPN in and then do it.
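
The rule set suggested earlier in the thread (1:1 NAT with only HTTP/HTTPS allowed and everything else blocked), written as raw pf.conf syntax. This is an added example, not from any poster and not a pfSense GUI export; the interface name and both addresses are assumed placeholders.

```pf
# Constructed example: interface name and addresses are placeholders.
ext_if  = "em0"            # WAN interface (assumed name)
ext_ip  = "203.0.113.10"   # public IP used for the 1:1 mapping (documentation range)
srv_int = "192.168.1.10"   # internal Windows server (assumed address)

# 1:1 NAT: every port on ext_ip is translated to srv_int.
# The mapping alone passes nothing; filter rules below decide what gets through.
binat on $ext_if from $srv_int to any -> $ext_ip

# Translation happens before filtering, so the rules match the internal address.
# Allow only web traffic to the server.
pass in quick on $ext_if inet proto tcp from any to $srv_int port { 80, 443 } keep state

# Drop and log everything else aimed at the server: 3389/tcp (RDP),
# 445/tcp (SMB), 135/tcp (RPC), and RDP moved to any other port such as 6665.
block in log quick on $ext_if inet from any to $srv_int
```

With this in place, RDP to the server is reachable only from inside, for example over a VPN that terminates on the firewall.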