Help with NAT for RDP connection -

kappler0 · Aug 6, 2012, 2:49 PM

Hello all,

First, let me say thank you in advance for any help here. I cannot seem to get NAT working for RDP to connect to my server. I have set up everything as I believe should be correct but it still does not seem to listen on 3389…

My set up is as follows:

Load balancing two WAN ports from different ISP's - both with static addresses.
LAN is on one subnet.
The Server is on a reserved / static IP and is set to accept all types of RDP clients - (this all worked on a different sonicwall before as well)

I have NAT to forward 3389 to the server ip address but tests show the port is still closed?

Thank lots!

podilarius · Aug 6, 2012, 3:00 PM

Are you having troubles from both ISPs?

kappler0 · Aug 6, 2012, 3:11 PM

i have only tried the main ip of one isp (wan01 ip of pfsense)… the other is our voip traffic so i dont want to go across it if it can be avoided.. but, have not tried.. does this matter?

kappler0 · Aug 6, 2012, 3:13 PM

I m also seeing that we can only seem to have one connection at a time in the LAN??? If one person is connected via RDP than it give the standard RDP error like it cannot connect for anyone else… very strange...

podilarius · Aug 6, 2012, 3:19 PM

That is strange. You should be able to connect 3 users to a standard server (1 console and 2 non-console). Something might be wrong with the server config.
As far as the firewall is concerned, you just need to make sure that the NAT is on the correct ISP and the firewall rule is also. Then try with no one else connected to make sure it works.

kappler0 · Aug 6, 2012, 3:27 PM

well the server has term service licenses… so i can connect 20 users at once. this setup worked before. i am getting that the 3389 port is not listening when i check the ip from outside?.
my FW is set as follows:

kappler0 · Aug 6, 2012, 3:34 PM

little update - LAN connections just started working on their own? i am confused about that.. but, still no joy on the NAT from outside..

podilarius · Aug 6, 2012, 4:45 PM

Are you using your multiwan in a load balancing, fail over, or dedicated traffic method?
Also, you are going to have to post your NAT setup?
Do you have sticky connections turned on?

kappler0 · Aug 6, 2012, 7:56 PM

I don't know whats going on but it all just started working on its own… This is really strange!
So, Does this look right?

PS: What are sticky connections?
Here is the NAT:

podilarius · Aug 6, 2012, 8:02 PM

http://doc.pfsense.org/index.php/Multi-WAN_Version_1.2.x#Sticky_Connections

http://doc.pfsense.org/index.php/Inbound_Load_Balancing (in additional notes)

If you are only using the one connection, you don't have to worry about it. I was just check on the status of the sticky.

cmb · Aug 7, 2012, 6:19 AM

@kappler0:

Here is the NAT:

What you're doing there is forwarding ports 3389-3399 on your WAN01 IP to the exact same port on 192.168.1.100. 3389 to 3389, 3390 to 3390, 3391 to 3391, etc. You only need 3389 there.

Also make sure the Windows firewall isn't blocking it, it has the default behavior of blocking off-subnet RDP.