After replacing my D-Link router with pfSense I can no longer RDP to my Windows

    NAT
j601

      Hi,

      After replacing my D-Link router with pfSense I can no longer RDP to my Windows 2008R2 Server.

      The following are the details:

My pfSense box has two NICs: a one-port Intel Pro NIC which pfSense sees as em0 and a 2-port PCI Express Gigabit NIC from StarTech which pfSense sees as re1 and re2.

      I set up em0 as the WAN port using DHCP.  It is connected to my Cable Modem.

      I set up re1 as my LAN port with a static IP 192.168.1.3. It is connected to my 8 port (not managed) Switch.

      Also connected to the Switch are a Windows 2008R2 Server that acts as a DC and Hyper-V server and 3 Workstations.  The server also provides DHCP and DNS services to the LAN.  The DHCP excluded range is 192.168.1 to 100.

Currently on the WAN port pfSense is picking up an IP address from my ISP. NAT is working correctly and the Server and PCs have internet connectivity.

I set up port forwarding following the "How can I forward ports with pfSense" guide.

I set up a NAT rule to forward WAN traffic using the TCP protocol on the MS RDP port (3389) to my Server's static IP address, and pfSense created a corresponding firewall rule to allow this traffic to pass.

When I try to establish an RDP connection to my server from a laptop using my 3G hotspot I get an error message that "RDP can't connect to remote computer for one of these reasons …" None of the reasons are applicable. I have no issues establishing an RDP connection to the Server from a PC on the LAN. Before switching from D-Link to pfSense I had no issues connecting to my Server via RDP from remote locations via my 3G hotspot, and since switching I did not change the Server / Domain setup.

To try and debug this issue, in the firewall rule I enabled logging of "packets that are handled by this rule".

In System Logs I can see a green icon next to the lines showing the RDP (TCP: S) connection attempt. When I right-click the green icon I get a message that says:

      The rule that triggered this action is:

@62 pass in log on em0 reply-to (em0 99.226.x.x) inet proto tcp any to 192.168.1.11 port = 3389 flags S/SA keep state "USER_RULE:NAT RDP to SVR1"


When I check the States table I cannot see a transaction corresponding to the RDP connection attempt.

      Your help in debugging this issue would be much appreciated

      Thank You

doktornotor

        You need TCP+UDP for RDP.

kejianshi

          Try forwarding both TCP and UDP.

          Also, just to be sure - Make sure pfsense WAN interface is showing a public IP - not private.

Also try rebooting pfSense after you forward both TCP and UDP and apply the rule.

kejianshi

            Damn that guy can type fast….

j601

Thank you, guys. I will try it and get back to you soon with the outcome.

j601

                Hi Guys,

                I changed TCP to TCP/UDP and rebooted pfSense.  Same outcome.

The WAN port is picking up a public IP and the RDP request is visible in the pfSense log with a green triangle next to it … but I cannot trace it to the State Table.

                Any ideas?

                Thank you

kejianshi

                  Try it from something other than a cell based connection.

Derelict (Netgate)

                    Filtering Diagnostics > States on :3389 while attempting to connect should certainly show something.

I know you state it worked with the D-Link, but are you sure the target server has pfSense as its default gateway? Are you sure it's not a software firewall issue on the target server?


j601

                      Hi Derelict

                      Thank you for pointing me in the right direction.

                      I stated that I did not make any changes on my network and obviously I had to make one simple but very important change.

The D-Link was on IP 192.168.1.1 and pfSense is on 192.168.1.3. On the Server the gateway was 192.168.1.1. The workstation that I use has a static IP. When I connected pfSense I changed its gateway to point to 192.168.1.3. I intended to go and make the change on the Server. You reminded me to do just that.

                      Changed the Gateway on the Server and the RDP connection works!

                      A beginner’s mistake is fixed.

                      Thank you again,

chpalmer
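Derelict's two questions (is there a state for :3389 at all, and does the server's default gateway point at pfSense) can be turned into a quick check of the Diagnostics > States output, which is what `pfctl -ss` prints on the pfSense shell. The following is an added example, not code from the thread or from the pfSense project. It assumes the `pfctl -ss` line format shown in its comments (IPv4 only) and uses constructed sample lines with documentation-range addresses rather than the poster's real WAN address. The useful signal is the state pair pf shows: when the server's reply leaves via some other gateway, pf forwards the SYN (so the rule logs it) but never sees the SYN-ACK, and any state it created stays at SYN_SENT/CLOSED instead of reaching ESTABLISHED/ESTABLISHED.

```python
import re
from dataclasses import dataclass
from typing import List

# One line of `pfctl -ss` (pfSense: Diagnostics > States), IPv4 only. Assumed format:
#   <iface> <proto> <dst:port> [(nat_ip:port)] <- <src:port>   <state>   (inbound, e.g. a port forward)
#   <iface> <proto> <src:port> [(nat_ip:port)] -> <dst:port>   <state>   (outbound from the LAN)
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<left>[\d.]+):(?P<lport>\d+)\s+"
    r"(?:\([\d.]+:\d+\)\s+)?"          # optional NAT address, present for rdr/nat states
    r"(?P<dir><-|->)\s+"
    r"(?P<right>[\d.]+):(?P<rport>\d+)\s+"
    r"(?P<pair>[A-Z_]+:[A-Z_]+)\s*$"
)


@dataclass
class State:
    iface: str
    proto: str
    src: str      # host that opened the connection (the remote laptop for a port forward)
    sport: int
    dst: str      # host it was opened to (the LAN server for a port forward)
    dport: int
    pair: str     # pf's "<state>:<state>" column, e.g. "SYN_SENT:CLOSED"


def parse_states(text: str) -> List[State]:
    """Parse pfctl -ss output; lines that do not match the assumed format are skipped."""
    states = []
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if not m:
            continue
        if m["dir"] == "<-":   # printed destination first, so swap to get initiator/responder
            src, sport, dst, dport = m["right"], m["rport"], m["left"], m["lport"]
        else:
            src, sport, dst, dport = m["left"], m["lport"], m["right"], m["rport"]
        states.append(State(m["iface"], m["proto"], src, int(sport), dst, int(dport), m["pair"]))
    return states


def classify(state: State) -> str:
    """Reduce pf's state pair to 'unanswered', 'answered' or 'other'.

    The pair order pf prints depends on direction, so compare as a set."""
    halves = set(state.pair.split(":", 1))
    if state.proto == "tcp":
        if halves == {"SYN_SENT", "CLOSED"}:
            return "unanswered"    # SYN went through pf, no SYN-ACK ever came back through it
        if halves == {"ESTABLISHED"}:
            return "answered"
        return "other"
    # UDP has no handshake; pf marks a side that never sent anything as NO_TRAFFIC
    return "unanswered" if "NO_TRAFFIC" in halves else "answered"


ADVICE = {
    "no_state": "No state for this destination/port: the pass rule never matched. Check the rule's "
                "protocol and destination, that the WAN holds a public IP, and that the attempt "
                "actually reaches the WAN.",
    "unanswered": "State exists but no reply was seen: pfSense forwarded the packet, the server's "
                  "answer never came back through pfSense. Check the server's default gateway is "
                  "the pfSense LAN IP and that its host firewall allows 3389.",
    "answered": "Reply traffic is flowing through the state: the forward works at the firewall.",
    "other": "State is mid-handshake or tearing down; retry while the client is connecting.",
}


def diagnose_forward(states_text: str, target_ip: str, port: int) -> str:
    """Return the verdict key (see ADVICE) for the port forward to target_ip:port."""
    hits = [s for s in parse_states(states_text) if s.dst == target_ip and s.dport == port]
    if not hits:
        return "no_state"
    verdicts = {classify(s) for s in hits}
    for verdict in ("answered", "unanswered"):
        if verdict in verdicts:
            return verdict
    return "other"


# Constructed sample output. 198.51.100.10 stands in for the WAN address, 203.0.113.5 for the
# laptop on the 3G hotspot; 192.168.1.11 is the server address from the thread.
STATES_GATEWAY_WRONG = """\
em0 tcp 192.168.1.11:3389 (198.51.100.10:3389) <- 203.0.113.5:51234       SYN_SENT:CLOSED
em0 tcp 192.168.1.20:49211 (198.51.100.10:49211) -> 203.0.113.9:443       ESTABLISHED:ESTABLISHED
"""
STATES_FIXED = """\
em0 tcp 192.168.1.11:3389 (198.51.100.10:3389) <- 203.0.113.5:51234       ESTABLISHED:ESTABLISHED
em0 udp 192.168.1.11:3389 (198.51.100.10:3389) <- 203.0.113.5:51234       MULTIPLE:MULTIPLE
"""

if __name__ == "__main__":
    for label, sample in (("server gateway still 192.168.1.1", STATES_GATEWAY_WRONG),
                          ("server gateway set to pfSense", STATES_FIXED)):
        verdict = diagnose_forward(sample, "192.168.1.11", 3389)
        print(f"{label}: {verdict} - {ADVICE[verdict]}")
```

On a live box, feed the function the text of `pfctl -ss` taken while the remote client is retrying; the Diagnostics > States filter on `:3389` shows the same rows. The outbound HTTPS row in the first sample is there only to show the filter ignores unrelated states.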

@doktornotor:

> You need TCP+UDP for RDP.

I never have any UDP rules for RDP.. Just TCP.

                        :o


doktornotor

You can see what's being used like this:

                          (UDP being used since RDP 8.0 - W7 with KB2592687 and any later versions. It should fallback to TCP but someone @M$ obviously finally realized that TCP sucks for RDP over WAN…)

chpalmer

I'll give it a try… I find other solutions for remoting in have always been a little better. I'd like the MS version to be similar in performance.

                            :)

kejianshi

Yeah - over a long haul, having that UDP port open SHOULD knock off a lot of lagginess.

                              I use UDP VPN myself.  I'm not a big fan of opening ports on the wan for RDP directly.
