trouble with firewall rules
-
I'm noticing some issues with the remote desktop connection. I made a rule to permit MSRDP 3389 tcp/udp to host 192.168.9.87; the connection initializes and the screen session is black.... I checked the firewall logs and saw it denying the traffic from the RDP destination, like a reply (check capture), so I had to make some kind of reply rule; after that I can connect fine. I was reordering and modifying some rules and upgraded to 2.7.0, but I'm not sure the update is the cause, but this never happened to me before, so my concern is that this can happen with other traffic and rules.... I took a look to see if this is asymmetric routing behavior, but that is not the case.
MYPC---FW1<----ipsec tunnel---->FW2--- SERVER
On FW1, permit on the LAN interface tcp/udp src mypc dst server:3389
On FW2, permit on the IPsec tab tcp/udp src mypc dst server:3389
The RDP session screen is black, so I added the respective rule to permit src server:3389 dst mypc on both FWs and the RDP session became fine..... maybe it's related to RDP over UDP.... I don't really know
thanks in advance
-
@luisenrique
If reply packets are blocked it's most probably due to asymmetric routing. However, no idea what could be the reason in your simple setup.
Run a packet capture on FW2 LAN to investigate. Ensure that you see both request and reply packets.
-
@viragomann I have only one path to reach each of the FWs
thanks
-
@luisenrique FWIW in Windows 10 we found our clients using RDP over UDP had frequent disconnects/reconnects. TCP was fine. Windows 11 is better but still dropped occasionally. I suggest sticking to TCP if possible.
Is the "black window" after logging in? The first thing you see should be the login prompt, or maybe a certificate warning for the self-signed cert the Windows PC is using.
-
@SteveITS yes, the black window after login; this didn't happen last week
-
@SteveITS I switched to TCP only, the connection is OK and the reply rule is not necessary... I don't have asymmetric routing, but why? This never happened to me before the pfSense 2.7.0 update. I made some changes to my firewall rules to make them more readable and organized; I never had this issue.
-
@luisenrique I don't know, but I would suspect it's not related to pfSense. RDP via UDP has just been unstable, in my experience over the past few years. When did you upgrade to 2.7? The July Windows Updates came out on July 11... Any recent antivirus program updates?
-
@SteveITS said in trouble with firewall rules:
@luisenrique I don't know, but I would suspect it's not related to pfSense. RDP via UDP has just been unstable, in my experience over the past few years. When did you upgrade to 2.7? The July Windows Updates came out on July 11... Any recent antivirus program updates?
I upgraded both FWs last week; now I'm switching to RDP TCP and with this the connection is OK. I will check all my rules and config to ensure all is OK or whether it's related to RDP over UDP. thanks
-
That initial screenshot looks like fragmented packets. No ports are shown on the first part of the fragmented packet. TCP likely handles that far better.
-
@stephenw10
yes, I switched to TCP and the problem is gone... so my question now is why this didn't happen to me before?...
I made more restrictive pf rules because they were too open or permissive, and later did a pfSense update; really, now I don't know the cause, I don't see other issues in my network.
thanks!!!
-
Seeing fragmented packets like that implies some type of MTU mismatch so I'd look for that. Perhaps something changed on your WAN. Or maybe you added a VLAN the traffic is using.
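Added example (not from the thread) illustrating the fragment and MTU point made above: a small Python model that fragments a UDP reply from server:3389 for an assumed 1400-byte tunnel MTU, shows that a port-based rule can only classify the first fragment because the later ones carry no UDP header, and that reassembling the fragments before filtering restores the match. Port 3389 comes from the thread; the MTU, packet size and helper names are constructed assumptions.

```python
import struct

RDP_PORT = 3389          # from the thread: MSRDP on tcp/udp 3389
TUNNEL_MTU = 1400        # constructed: assumed effective MTU inside the IPsec tunnel
IP_HEADER_LEN = 20       # IPv4 header without options

def build_udp_datagram(src_port, dst_port, payload):
    """UDP header (src, dst, length, checksum) followed by the payload; checksum 0 = none (IPv4)."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload

def fragment_ipv4(ip_payload, mtu, ident=0x1234):
    """Split an IP payload into fragments that fit the MTU.

    Every fragment but the last must carry a multiple of 8 bytes, because the
    IPv4 fragment offset field counts 8-byte units.
    """
    max_chunk = (mtu - IP_HEADER_LEN) // 8 * 8
    frags, offset = [], 0
    while offset < len(ip_payload):
        chunk = ip_payload[offset:offset + max_chunk]
        frags.append({"id": ident, "offset": offset // 8,
                      "mf": offset + len(chunk) < len(ip_payload), "payload": chunk})
        offset += len(chunk)
    return frags

def dst_port_of(frag):
    """Return the UDP destination port, or None when the fragment has no UDP header.

    Only the fragment at offset 0 carries the L4 header; a stateless rule keyed on
    'dst port 3389' cannot classify the later fragments at all.
    """
    if frag["offset"] != 0:
        return None
    return struct.unpack("!H", frag["payload"][2:4])[0]

def reassemble(frags):
    """Stitch fragments sharing an id back together (conceptually what pf's scrub reassembly does)."""
    same_id = sorted((f for f in frags if f["id"] == frags[0]["id"]), key=lambda f: f["offset"])
    return b"".join(f["payload"] for f in same_id)

def classify(frags, port):
    """Per-fragment verdict of a 'dst port == port' rule: True, False, or None (unmatchable)."""
    return [None if dst_port_of(f) is None else dst_port_of(f) == port for f in frags]

if __name__ == "__main__":
    datagram = build_udp_datagram(50000, RDP_PORT, b"\x00" * 3000)   # constructed 3000-byte RDP-UDP reply
    frags = fragment_ipv4(datagram, TUNNEL_MTU)
    print(len(frags), classify(frags, RDP_PORT))                     # 3 [True, None, None]
    print(dst_port_of({"offset": 0, "payload": reassemble(frags)}))  # 3389 once reassembled
```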