Bug in RDP port forward with /console option set: pfsense stops responding



  • Hi,

    I use a fresh install of pfsense 1.2 with 2 NICs, one WAN and one LAN, in a VMware virtual machine.
    I added a NAT rule in the "port forwarding" section to redirect RDP traffic from my WAN IP to my local TSE server.
    When I try to connect to my TSE server using my WAN IP, all is OK.

    Now, when I try to connect to my TSE server with a console connection using the "/console" option, like this: "C:\WINDOWS\system32\mstsc.exe /console"

    The firewall crashes and stops responding for 4 or 5 minutes.

    What is wrong? Is there a bug?
    Thanks for any help to correct this.



  • Sorry, that doesn't make any sense at all. Technically there is absolutely no difference between an RDP console session or an additional user session. It's the same traffic on the same port using the same protocol.



  • Thanks for your reply,

    Yes, I agree with you. This is the same port and same traffic for a console connection or not.
    That's just why I don't understand what is wrong.

    It's driving me crazy :-)

    But it's a fact! When we use a console connection type, the firewall crashes and stops routing traffic for 4 minutes!
    And it's a big problem for me if an outside man can easily stop my firewall with a simple console connection.

    I use a Windows 2003 Server Standard Edition and there is no problem with my TSE server. All is working fine.
    I don't use anything special! Just standard TSE services.
    I tried replacing the pfsense with a ZyXEL ZyWALL 10 and all works fine. All connections, console or not, are OK.

    But when I replace the ZyWALL 10 with the pfsense, the problem appears.

    I think that I'm not alone with this issue; my configuration is not special.
    Have you tested it?

    Perhaps a bug with the reserved keyword "console" when it passes through the firewall, maybe?
    I really don't know what happens….



  • I use RDP console connections to servers behind pfSense all the time.
    I use syntax like: mstsc /v:server.company.com /console
    It appears you have done some testing, but what you are saying sounds like crazy talk…
    Perhaps it has something to do with VMware. Can you try this with a real machine with two physical NICs?



  • Maybe this is another thread which will come to the conclusion that running a firewall in a virtual machine is not a good idea  ;)

