Bizarre NAT issue after virtualizing pfsense

  • Okay so I moved my pfSense box into my VMware ESXi server and I'm loving it, it's working fantastic except for one small problem.

    I am able to access all of my services that I have NAT'd except for any of my RDP connections!

    For example, I can access my main windows server's uTorrent GUI on port 8082 just fine, however, when I try and RDP into the machine, I am never able to connect.

    I SSH'd into the pfSense box, and was able to ping and nmap my windows server, showing all the ports are open and I am able to fully communicate to the windows server.

    I deleted the NAT and firewall rules for the RDP connections, and recreated them, and I am still unable to connect!

    I am completely baffled at this point, does anyone know what might be going on?

  • So where are you trying to RDP from – the internet?? Why would be my first question.. Why people would allow rdp from the public internet is just beyond me in lack of common sense.

    What protocol of RDP are you using? 8 allows for UDP, etc.

    Please draw out your network and we can see what you're doing wrong. Are you attempting to access via nat reflection via UDP for example?

    And again I would highly suggest if you need to rdp into your network from the actual outside, that you vpn in first!! Much more secure!

  • Re rdp, how would you go about securing public access, or what alternative would you suggest? VPN first?

    I wouldn't secure public access - since I would not allow it via the public ;) Since I would vpn into my network before doing anything like remote desktop.

    But let's say you wanted to just allow access from your place of work to your home, or to your place of work from your home. Then via firewall rules you could lock down access to remote desktop port that you forward into your remote network to only the IP address(es) you will be coming from.

  • Also make sure that the Windows firewall is set to allow incoming RDP from any address, sometimes it is configured to allow incoming traffic only from the same subnet.

    +1 to the VPN anyway…
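The two checks suggested in the replies above, audited in one place: the Windows firewall scope on the RDP host (a rule scoped to LocalSubnet drops a connection that pfSense forwards from a non-local source address, which matches the symptom of ping and nmap succeeding from the firewall itself while remote RDP fails) and the "lock it down to the IPs you come from" advice applied on the host as well as on pfSense. This is an added PowerShell example, not code from the thread or from the pfSense project; `$AllowedSources` is a constructed placeholder to replace with the VPN subnet or the office address you actually connect from. It needs an elevated PowerShell on Windows 8 / Server 2012 or later, where the NetSecurity cmdlets exist.

```powershell
# Added example (not from the thread): audit and narrow the scope of the
# built-in "Remote Desktop" firewall rules on the RDP host.
# Assumption: these are the sources that are allowed to reach RDP. Constructed
# placeholders; use your VPN client subnet and/or your office public IP.
$AllowedSources = @('10.0.8.0/24', '203.0.113.10')

# 1. Show the current remote-address scope of every Remote Desktop rule.
#    'LocalSubnet' here is the cause of the "forwarded but never connects" case:
#    the host firewall rejects anything arriving from outside its own subnet.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Enabled       = $_.Enabled
            Profile       = $_.Profile
            Direction     = $_.Direction
            RemoteAddress = ($addr.RemoteAddress -join ', ')
        }
    } | Format-Table -AutoSize

# 2. Restrict the inbound RDP rules to the allowed sources only. This replaces
#    both 'LocalSubnet' (too narrow for a NAT-forwarded connection) and 'Any'
#    (too wide if the port is forwarded from the internet) with an explicit list.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
    Set-NetFirewallRule -RemoteAddress $AllowedSources

# 3. Re-read the scope to confirm the change took effect.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
    Get-NetFirewallAddressFilter |
    Select-Object -ExpandProperty RemoteAddress
```

Run step 1 first and only apply step 2 once the listed sources are right; if the RDP host is reached through a VPN, the VPN client subnet is the address the connection will carry, not the public IP of the remote site. The pfSense rule on the WAN should carry the same source restriction so that the port forward and the host firewall agree.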

