Cannot RDP out of network
-
OK, I have been hammering away at this for 4 days now and figured I'd reach out. The problem I am having is that I cannot RDP out of my network. I am not a firewall guy, but I'm trying to learn. I have searched these forums and have stared at the pfSense wiki like a deer caught in the headlights. I have googled it, Binged it, and even asked Mr Jeeves, and I still, for the life of me, cannot figure it out.
The problem I have is that I cannot RDP out of my network. I have removed the pfSense box from the network and have verified that RDP is working. I have even created (so I thought) rules that would allow everything in and out of my network and it still does not work. I understand that the firewall does not block outbound traffic, only inbound, and I even followed the guide ( https://doc.pfsense.org/index.php/Example_basic_configuration ) for a basic setup for my initial setup (excluding FTP and ports for mail).
I went as far as grabbing a packet capture and did not see anything telltale (then again, I don't fully understand how to read them), and when I clear the logs and try to RDP nothing is showing up in the logs.
I'm learning and I do not have this actually on my primary internet, I have it on a separate LAN network segregated from my main network.
I have attached a screenshot of my rules and NAT.
Any help would be appreciated.
-
You've gotten pretty clicky-clicky with your stuff indicating a basic misunderstanding of what you're actually doing.
What is the IP network of LAN?
Why all the outbound NAT rules for OPT1. Is that another WAN?
Why are you limiting LAN to TCP/UDP only? That's certainly not the default config.
Where are you trying to RDP to? Are you sure it's not being blocked inbound there?
Read and understand this. Particularly the part about what interface rules should be placed on and that you are passing traffic coming INTO pfSense, not going out of it.
https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting
-
Derelict, you are right. I got to the point where I was clicking on everything trying to get it to work; you should have seen it before I cleaned it up ;)
The LAN network is 172.31.192.xxx
OPT1 was going to be another WAN, but I have not gotten that far.
I thought I was allowing it for all when I made the rule for TCP/UDP.
I am trying to RDP to a server at my office, but it appeared that across the LAN I cannot RDP to another PC.
I will print it out and read it now.
Thank you.
-
You can do anything, including RDP, as long as the traffic is passed into LAN.
How are you getting to the remote RDP? Over the internet? VPN? Is there a port forwarded there or something?
I'd bet your problem is there, not locally.
-
I am using RDP straight to the server. When I am out of my test environment I can connect both over the internet and when I connect with my VPN, but when I am in my test environment I cannot connect either way. I am seeing DNS event ID 1014 (see image) in the logs on my PC that I have not seen before, and I am not having a problem getting to the internet.
-
Where is the server? What IP address? What interface? I have no idea what your test environment is. I am not a mindreader. Draw a diagram.
-
My apologies. Here is the set up including the server I am trying to RDP to.
-
On your LAN interface, disable all the rules you added and re-enable the last one that you disabled. Then post another screenshot.
If you do that and you still can't RDP, then the problem is in one of the other routers or firewalls, not pfSense.
-
Ok, I did that and the same results. I cannot RDP to it. I have verified that the port 3389 is open as well.
![open port.jpg](/public/imported_attachments/1/open port.jpg)
![lan diabled.jpg](/public/imported_attachments/1/lan diabled.jpg)
-
Your problem is elsewhere.
Do a packet capture on pfSense WAN filtering on port 3389 and try a connection. You will see it going out but not getting a reply.
You have three other routers in the mix. I don't know why you insist the problem is with the one with a pass any any any rule on it.
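An added illustration, not from any poster in this thread, of how to read the WAN capture suggested above: it parses tcpdump-style text output filtered on port 3389 and reports, per connection attempt, whether the far end ever answered. The capture lines are constructed for the example and use documentation IP ranges; an empty capture (the "nothing was captured" case) is reported separately, since it means the RDP traffic never reached the interface at all.

```python
import re
from collections import defaultdict

# Text form tcpdump prints for IPv4 TCP packets, e.g.
# "12:00:01.000000 IP 192.168.1.10.51234 > 203.0.113.5.3389: Flags [S], seq 1, win 64240, length 0"
TCPDUMP_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

RDP_PORT = 3389

# Constructed sample capture (not real traffic): one attempt that gets no reply,
# one that is answered with SYN-ACK. On a pfSense WAN capture the client address
# would be the WAN IP after outbound NAT; the logic is the same.
SAMPLE_CAPTURE = [
    "12:00:01.000000 IP 192.168.1.10.51234 > 203.0.113.5.3389: Flags [S], seq 100, win 64240, length 0",
    "12:00:02.000000 IP 192.168.1.10.51234 > 203.0.113.5.3389: Flags [S], seq 100, win 64240, length 0",
    "12:00:04.000000 IP 192.168.1.10.51234 > 203.0.113.5.3389: Flags [S], seq 100, win 64240, length 0",
    "12:00:05.000000 IP 192.168.1.10.51235 > 198.51.100.7.3389: Flags [S], seq 200, win 64240, length 0",
    "12:00:05.020000 IP 198.51.100.7.3389 > 192.168.1.10.51235: Flags [S.], seq 900, ack 201, win 65535, length 0",
    "12:00:05.021000 IP 192.168.1.10.51235 > 198.51.100.7.3389: Flags [.], ack 901, win 64240, length 0",
]


def parse_line(line):
    """Return the fields of one tcpdump text line, or None if it is not a TCP line."""
    m = TCPDUMP_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": m["ts"], "src": m["src"], "sport": int(m["sport"]),
        "dst": m["dst"], "dport": int(m["dport"]), "flags": m["flags"],
    }


def summarize_rdp_attempts(lines, port=RDP_PORT):
    """Group packets by client flow and record whether the server side answered.

    A flow is keyed by (client_ip, client_port, server_ip). A pure SYN toward
    `port` counts as an attempt; any packet coming back from server:port to
    that client (SYN-ACK or RST alike) proves the path works in both directions.
    """
    flows = defaultdict(lambda: {"syn_sent": 0, "replies": 0, "reply_flags": []})
    for line in lines:
        pkt = parse_line(line)
        if pkt is None:
            continue
        if pkt["dport"] == port and "S" in pkt["flags"] and "." not in pkt["flags"]:
            flows[(pkt["src"], pkt["sport"], pkt["dst"])]["syn_sent"] += 1
        elif pkt["sport"] == port:
            key = (pkt["dst"], pkt["dport"], pkt["src"])
            flows[key]["replies"] += 1
            flows[key]["reply_flags"].append(pkt["flags"])
    return {k: dict(v, answered=v["replies"] > 0) for k, v in flows.items()}


def diagnose(summary, port=RDP_PORT):
    """Turn the per-flow summary into plain-English findings."""
    if not summary:
        return [f"No packets to or from port {port} seen: the RDP traffic never reached this interface."]
    findings = []
    for (client, cport, server), f in sorted(summary.items()):
        if f["answered"]:
            findings.append(f"{client}:{cport} -> {server}:{port} answered "
                            f"({', '.join(f['reply_flags'])}); the path works.")
        else:
            findings.append(f"{client}:{cport} -> {server}:{port} sent {f['syn_sent']} SYN(s), "
                            f"no reply; dropped upstream or at the destination, not by this box.")
    return findings


if __name__ == "__main__":
    for finding in diagnose(summarize_rdp_attempts(SAMPLE_CAPTURE)):
        print(finding)
```

Feed it the text output of the capture (tcpdump or the pfSense packet capture page saved as text) filtered on port 3389: repeated SYNs with no reply confirm that the packets left the firewall and died further along, while an empty result points back at the path between the client and that interface.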
-
OK, I will do the packet capture. The only reason I think it has to do with pfSense is because if I remove that and use my normal network I can RDP without a problem. I do understand there are 2 additional routers in the mix, but assumed that if it worked outside of the network with the pfSense it should work behind it as well. Or am I looking at it the wrong way? Like I said, I am not a firewall guy, I'm trying to learn it. The pfSense manual is on order.
-
I don't know. Double NAT sucks.
-
OK. I set the Comcast modem in bridge mode and still cannot RDP. I tried a packet capture and nothing was captured (no data), which I thought was odd.
I'm not even seeing anything blocked in the log files after I clear them and then try to connect.
-
No idea, dude. There is nothing special about RDP. It's just packets.
Did you port forward both TCP and UDP? If not, do that.
-
Why are you using the same LAN subnet in both locations? Over NAT it shouldn't matter but maybe there's something in the RDP protocol that's jacking up somehow.
-
I appreciate all the time you spent with me today. It's still not working after changing the scope to 192.168.1.0.
I might just blow the whole install away and start from scratch.
Thanks again.
-
Can you simply browse the internet? If so, it's not pfSense.
-
I can; that's what did not make sense and why I reached out here.
If you're saying the rules I had were fine, I'll blow it away and start again.
-
If it was the firewall blocking RDP there would be firewall log entries. But if you want to start over, I'd back up your config first so maybe, if that works and you feel like it, you can restore it and find out why.
-
Good plan. I will do that and we'll see what happens.