RDP connection to Windows Server outside the network
-
Good day.
Can't connect to Windows Server 2008 using RDP from outside the network. I can connect to the Windows server through the LAN using RDP.
But I can connect to Windows 7 using RDP from outside the network.
I already set up port forwarding and unchecked "Block private networks" - "Block bogon networks"
Thank you.
-
Works just fine. Without posting screenshots of your NAT/firewall rules, you can try a crystal ball. Also kindly disable the firewall on the W2008 server before any testing.
-
1/ How on earth do you imagine me to figure out which one out of those does not work?
2/ What's that advanced stuff all over the LAN?
-
sir doktornotor,
All the MS RDP rules and NAT for the terminal server and SQL server (Windows Server) do not work if I try to access them from outside the network. But if the client is Windows 7, I can access it from outside the network.
I can access all the MS RDP inside the network.
The advanced stuff is the traffic shaper.
Thank you.
-
I definitely won't debug your SQL server mess. (Reading some MS docs would help there.)
Regardless I cannot see any rule permitting outgoing traffic from LAN for any of those machines. Neither PayrollServer, nor TerminalServer, not even SQLServer alias has any outbound rules permitting traffic to go out from LAN. How exactly should that work goes beyond me. Not exactly surprised you can only work with those on LAN – since that traffic does not go through the firewall at all.
On a generic note, having two zillions of nondescriptive aliases and duplicating rules on a per-machine basis/per-port basis certainly does NOT aid debugging. You are using aliases in places where it absolutely does NOT help (look at your LAN rules... is that one alias per IP or what?!), and avoid them in places where they'd extremely benefit the setup (like, the SQL server mess -- you did not notice that you can use aliases for ports, or... ???)
-
sir doktornotor,
Thank you for the advice regarding the port number for SQL. I will change the rules.
I added rules under WAN:
Proto: IPV4 / Any
Source: Lan Net
Port: Any
Destination: Any
Port: Any
I tested it a while ago and I successfully connected to the terminal server from outside the network, but are the rules that I added safe?
Thank you.
-
A WAN rule does not apply at all for traffic coming from LAN. Will never get hit by anything legit. Kindly read the articles linked below:
https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting
https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
-
sir doktornotor, thank you for your help.
-
Do you need to RDP to multiple lan windows boxes behind the fw?
If you do, then on pfsense have different ports open on pfsense with a portforward rule which goes to the LAN ip address and the RDP port
Then internet side use in the RDP client
IPaddress:Port1 where port1 portforwards to your server RDP port
IPaddress:Port2 where port2 portforwards to your sql box RDP port.
You can also change the default port the RDP server listens to on the Windows box, by tweaking the reg settings as well if you like accessing multiple Windows boxes from inside the lan at the same time.
Then provided you can RDP onto the Windows box in question from inside the lan, the pfsense port forwards should work ok.
If you want to hide the fact you have (multiple) port forwards set up for RDP on the internet, set up OpenVPN on another ip address range to get you inside the lan, then change your pfsense port forwards from wan to openvpn. The less you expose wan side the better imo.
Both work well and give you a way to have multiple RDP clients open at the same time to multiple Windows boxes on a lan. Of course having multiple RDP clients open at the same time is also easier if you have multiple monitors as well if you need to work on server(s) and workstation(s) at the same time for testing purposes without having to wait to log in each time or be alt-tabbing between multiple machines.
fwiw.
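-
Added example (not part of the thread and not pfSense code): a simplified Python model of the point made above that rules are matched on the interface where a packet arrives, so a WAN rule with source "LAN net" is never hit by legitimate traffic. The addresses, ports and rule descriptions are constructed, and the model assumes the port forward has already rewritten the destination before filtering.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    iface: str     # interface tab the rule is defined on
    src: str       # CIDR or "any"
    dst: str       # CIDR or "any"
    dport: object  # int or "any"
    descr: str

@dataclass(frozen=True)
class Packet:
    in_iface: str  # interface the packet arrives on
    src: str
    dst: str
    dport: int

def _addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(rules, pkt):
    """First matching pass rule on the arrival interface, else None (default deny)."""
    for r in rules:
        if (r.iface == pkt.in_iface and _addr_ok(r.src, pkt.src)
                and _addr_ok(r.dst, pkt.dst) and r.dport in ("any", pkt.dport)):
            return r.descr
    return None

# Constructed sample values: LAN 192.168.1.0/24, server at .10, documentation-range Internet hosts.
LAN = "192.168.1.0/24"
THREAD_WAN_RULE = Rule("wan", LAN, "any", "any", "WAN: LAN net -> any")
RULES = [
    THREAD_WAN_RULE,
    Rule("wan", "any", "192.168.1.10/32", 3389, "WAN: any -> server:3389"),
    Rule("lan", LAN, "any", "any", "LAN: LAN net -> any"),
]
FLOWS = {
    # Destination is the internal address: the port forward was applied first (model assumption).
    "rdp_from_internet": Packet("wan", "203.0.113.7", "192.168.1.10", 3389),
    "server_to_internet": Packet("lan", "192.168.1.10", "198.51.100.5", 443),
    "unforwarded_port": Packet("wan", "203.0.113.7", "192.168.1.10", 1433),
}

def verdicts(rules):
    return {name: evaluate(rules, pkt) for name, pkt in FLOWS.items()}

if __name__ == "__main__":
    for name, hit in verdicts(RULES).items():
        print(f"{name:20} -> {hit or 'default deny'}")
    without = [r for r in RULES if r is not THREAD_WAN_RULE]
    print("same verdicts without the WAN 'LAN net' rule:", verdicts(without) == verdicts(RULES))
```

In this model the WAN "LAN net" rule matches none of the flows, and removing it leaves every verdict unchanged; the RDP connection from outside is passed only by the WAN rule that names the forwarded server and port.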