Port forwarding (Remote desktop) hangs pfsense



  • Hi

    I configured port forwarding for a few services and everything works fine, except remote desktop.

    When I try to log in I get to the screen where I enter the user and password but once I get to the desktop the connection hangs, not only that, but all the connections are dropped (even outbound) for 10 seconds, also the web admin page of pfsense stops when this happens (inside the LAN). All other services defined in port forwarding work perfectly.

    I'm running pfsense inside vmware workstation and I have the exact same problem in m0n0wall.



  • I doubt this is a PFsense issue, but give us more specifics, so we can help.



  • Like what?

    Sorry, but I'm new to this forum so I don't know what info is required when you post a problem.



  • Type of internet connection, type of modem, type of hardware that you have pfsense running on, version of pfsense you are running and anything else you can think of.

    :)



  • In addition to chpalmer's info, give us a network map, post nat config, post firewall rules.  Also, where are you testing from?



  • Same here.

    Forwarded RDP port. I am asked for password by RDP client and sometimes I get to the (frozen) screen where there should be an animated circle visible. Sometimes I just get a black screen after entering password/username in RDP client.

    • Latest stable PFSense
    • Client computer on 'LAN' network

    I can access fine if I tunnel RDP through SSH.

    Will investigate further…



  • Is the VM bridged or NAT'd?



  • In my case the pfSense is in a VM and is bridged.

    Please see attached snapshots of config. Let me know if you need more. The machine I want to RDP into is 192.168.1.50; it worked when behind a fritzbox. Would prefer using pfsense now, though. Also, the webserver which is on the 192.168.3.0 routed internal network seems to be working just fine NATed…



  • In Firewall -> Rules -> WAN, remove RFC1918 networks.



  • Thanks for the suggestion.

    What makes you think that this helps resolve this situation? Reading the description next to the check box I don't think this helps. As far as I can see, my WAN does not have a 1918 address (see one of the screenshots).

    When set, this option blocks traffic from IP addresses that are reserved for private networks as per RFC 1918 (10/8, 172.16/12, 192.168/16) as well as loopback addresses (127/8).  You should generally leave this option turned on, unless your WAN network lies in such a private address space, too.

    Of course, I tried with the setting as per your suggestion, but no luck…

    Happy to try other suggestions!



  • @kjsmeets:

    Happy to try other suggestions!

    A good start would be providing the information requested by chpalmer and marvosa.

    @kjsmeets:

    • Client computer on 'LAN' network

    The pfSense LAN network? Presumably not since the pfSense port forwards are on the pfSense WAN interface. So how is this all hooked together and which LAN hosts the client under discussion?



  • Sorry it took me a while, but I believe the attached picture has the additional troubleshooting information requested.

    I am almost totally happy about this setup: everything is working except incoming RDP. Note that I am also NATing some other ports from WAN to an (undrawn) 192.168.3.x network (e.g. SMTP, SSH, HTTP) and this is working just fine.

    Please let me know if I can provide more troubleshooting info (logging perhaps? not sure where to look).

    ![net setup.png](/public/imported_attachments/1/net setup.png)



  • @chpalmer:

    Type of internet connection, type of modem, version of pfsense you are running and anything else you can think of.

    :)

    @marvosa:

    Also, where are you testing from?



  • @chpalmer:

    @chpalmer:

    Type of internet connection, type of modem, version of pfsense you are running and anything else you can think of.

    :)

    @marvosa:

    Also, where are you testing from?

    I am sorry, but I am not quite sure I am following here. The information requested is in the picture I created and attached. Or am I missing something?

    Where I am testing from is usually from my cell phone (which I can confirm it worked before I switched to pfsense); but I have also tried from my employer's wifi (also used to work; fiber) and from my parent's cable modem connection. Also used to work.



  • Does the RDP server in Windows log your access attempts? If not, can you make it do so? Does it also log anything related to those access attempts?



  • @kjsmeets:

    I am sorry, but I am not quite sure I am following here. The information requested is in the picture I created and attached. Or am I missing something?

    Where I am testing from is usually from my cell phone (which I can confirm it worked before I switched to pfsense); but I have also tried from my employer's wifi (also used to work; fiber) and from my parent's cable modem connection. Also used to work.

    I missed the pfsense version in the picture but the other information is not there.

    You mention in your first post-

    I have the exact same problem in m0n0wall.

    I can tell you that I RDP all over the place into multiple systems that have a pfSense box out front, as do many others here, so even if something sounds the least bit remote it's important to mention. There is obviously a problem with your config or equipment.

    What is the model number of the modem you are using?

    What kind of internet connection is this? I'm assuming DSL due to the PPPoE connection but other connection types also use PPPoE.

    Did you go from router to bridge in your modem when you tried to add the firewall?

    On your incoming firewall rule for RDP, set it to log (check box) and watch to see if your attempts show up.



  • Seen similar behavior when I used to run pfSense in MS Virtual PC.

    Trying to Remote Desktop to the host Windows machine from WAN would lockup.

    Sorry I don't have more detail. It was quite a while ago and I'm no longer running that setup.



  • I have no problems RDPing out from pfSense with a pass rule for the RDP port. But I also have a running OpenVPN connection at the time so it's RDP to a private subnet.



  • All,

    I think there is some kind of confusion here. I am NOT the Original topic poster. I thought, in order to prevent multiple posts on a very similar topic, to post/join my problem in an existing topic.

    Note that the Original topic poster (krneki) hasn't provided any troubleshooting information since he started this topic; unlike him I am trying to provide you with the information you are requesting.

    So, again, what information is missing from the picture I posted. chpalmer, you say you found the pfsense version but 'the other information is not there'. The equipment make and model is in there, the internet connection spec is there… The NICs being used are Intel PRO/1000 GT Desktop Adapter for the LAN/WAN on the PFSense virtual machine; there is a Realtek PCIe GBE Realtek® 8111E.

    Later today I will try
    (1) capturing log information from the Windows host I am trying to RDP into
    (2) RDP into another physical host on the same 192.168.1.x subnet, see if that works.

    Sorry for any mixup, confusion so far! Appreciate your help.



  • ok, here's an update:

    • RDPing to the same host on a 192.168.3.x address does the same thing: RDP hangs after login credentials have been validated

    • RDPing to another host (laptop via wifi) on a 192.168.1.x address does work.

    • Here's http://www.fotoloog.org/rdp_hang.pcap of a hanging RDP-session until it times out. Packet capture is on Realtek interface of RDP target, 192.168.1.50, filter set to "PORT 3389". Actually checking whether there's anything useful in this capture is beyond my capabilities (yet), but possibly something will strike one of you…?

    • One odd thing: whenever I log back in locally on the RDP target after RDP setup timeout, I notice Outlook complaining about losing connection, then restoring soon after. Outlook did not complain on the one successful RDP session I had when preparing this message.

    While typing this message I wanted to make a packet capture to attach to this post and I got a successful, working RDP session..?! May



  • Good luck man!



  • Sorry if I've misread. Are you using VMware Workstation? What version? I'd personally say it's something to do with the virtual machine. Can you try maybe installing open vm tools as a 3rd party package? Just an idea….

