• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

How to block RDP access in 1:1 NAT setup

Scheduled Pinned Locked Moved NAT
25 Posts 4 Posters 2.4k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S
    SteveITS Galactic Empire @johnpoz
    last edited by Mar 3, 2020, 2:20 AM

    johnpoz said in How to block RDP access in 1:1 NAT setup:

    if you only need http and https, just forward those

    Or at least block all the other ports on the 1:1 NAT, because otherwise you're opening up file sharing, RPC, whatever else is listening on Windows on a LAN. Probably easiest to add a rule to allow HTTP/HTTPS and block the rest.

    Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
    When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
    Upvote 👍 helpful posts!

    H 1 Reply Last reply Mar 3, 2020, 2:36 AM Reply Quote 0
    • H
      Henry @SteveITS
      last edited by Mar 3, 2020, 2:36 AM

      @teamits Yes however "1:1 NAT maps all the external ports on that IP to the internal IP but you must still have firewall rules to allow the traffic to reach the local server."

      https://forum.netgate.com/topic/75917/1-1-nat-vs-port-forwarding-when-to-use-each/3

      1 Reply Last reply Reply Quote 0
      • S
        serbus
        last edited by Mar 3, 2020, 3:59 AM

        Hello!

        Port 6665 for remote access to your network seems odd, not because IRC is odd, but because that port has been so badly abused.

        https://www.speedguide.net/port.php?port=6665

        You might want to pick a "safer" port, unless that is not your intent...

        John

        Lex parsimoniae

        H 1 Reply Last reply Mar 3, 2020, 4:01 AM Reply Quote 1
        • H
          Henry @serbus
          last edited by Mar 3, 2020, 4:01 AM

          @serbus Thank you, very good point!

          1 Reply Last reply Reply Quote 0
          • J
            johnpoz LAYER 8 Global Moderator
            last edited by johnpoz Mar 3, 2020, 12:41 PM Mar 3, 2020, 12:36 PM

            Security though obscurity is not security... Opening up rdp to the public internet no matter what port is a BAD idea!!! If you want to rdp to this box, then vpn in and then do it.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            1 Reply Last reply Reply Quote 0
            21 out of 25
            • First post
              21/25
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
              This community forum collects and processes your personal information.
              consent.not_received