RDP Outbound

  • For some reason my RDP outbound on both my main firewall and secondary are blocked. Both RDP connections I'm trying to use work perfectly when I tether to my phone. Looking through the two pfsense firewalls, there's nothing blocking anything outbound. Any idea? They aren't running the latest as I didn't set them up, and the original person who set them up had done it years ago.

    Version: 1.2.3-RELEASE

  • Generally outbound is unrestricted by default. For there to be a block in place, it would have to be put there, and since you say there's no block rules in place that would rule that out. Since you can do it when tethered to your phone would seem to indicate the receiving server is still allowing connections. I'd look at the other end if possible, maybe something has blocked your subnet for some reason, or your ISP is causing the block (also not sure why they would be doing that).

  • @rustydusty1717:

    For some reason my RDP outbound on both my main firewall and secondary are blocked.

    What exactly do you mean by "outbound"? If you are attempting to test RDP access from the internet by attempting to RDP to your local firewall's public IP address FROM a system downstream of the firewall then you won't be invokng any port forwrding rules you may have setup on the firewall and hence your access attempt will likely not end up where you hope it will end up.

  • When I say outbound, I mean FROM inside my company's enviroment to my home. Both the firewall at my company is pfsense, as well as at my home. I can quickly tether to my phone and RDP into my house, so I know the forwards are working fine on the home side. I've went through all rules on the firewall at work and can't find a single thing. I've also tried using the 2nd firewall at work, which is also a pfsense one mainly for mail, etc. Only reason I'm posting this is cause I've never ran into this before on pfsense blocking outbound, except rules put in place.

  • A few things you could try:

    1. Packet capture on WAN interface of office pfSense, filter on (say) port=RDP. Do you see your outgoing RDP access? to the correct IP address? (local DNS might be wrong?)

    2. Do you get any response at all?

    3. Packet capture on WAN interface of of home pfSense, filter on (say) port=RDP. Do you see incoming RDP access from correct IP address? Does access attempt match port forward rule?

    4. Packet capture on appropriate interface of home pfSense, filter on (say) port=RDP. Do you see outgoing access attempt to correct IP address and port? Does that access attempt appear in "RDP server" log on target? Does the RDP server log give any clues on how the access attempt was handled? (some servers have their own "firewall" capability such as "forbid access from specified IP subnets")

Log in to reply