IPFW RDP protocol

Hello lads,

I've come further with my config of SoftEther VPN and IPFW.
I'm at the point where I want to allow RDP to only one IP, let's say it's 192.168.1.10.
I add a rule:
Code:
allow tcp from any to 192.168.1.10 3389 out via $iif setup keep-state

I'm able to telnet 192.168.1.10 3389 but can't RDP while I'm on Windows which is connected to VPN.

Am I doing this wrong? Please help me out.
 
Port 3389 should be the only port that you would need to allow for RDP to work.

I'm able to telnet 192.168.1.10 3389 but can't RDP while I'm on Windows which is connected to VPN.
Are you testing that telnet from the same Windows machine? If that works, then RDP should work too. But perhaps the Windows client tries to use authentication for single-sign-on purposes. Do you get any errors? Or does it just time out?
 
I’m not sure I understand your setup correctly.
When your Windows machine is connected to a remote VPN, your router (firewall) doesn't see the RDP packets at all. It only sees the VPN connection. You can easily check by looking at the packet counters of the rule (ipfw show displays them). If the counters don't change during an RDP connection attempt, then the packets don't hit the rule.
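The counter check described in the reply above, as an added example that is not from the thread: it takes two ipfw show snapshots (constructed sample output here; on a live box use snap=$(ipfw show)) and reports how many packets a given rule number matched between them. The rule number 200 and interface em0 are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): compare the packet counter of one
# ipfw rule between two `ipfw show` snapshots to see whether traffic hits it.
# `ipfw show` prints one rule per line: <rule#> <packets> <bytes> <rule body>

# Print the packet count of rule $2 from the snapshot text in $1.
rule_packets() {
    printf '%s\n' "$1" | awk -v num="$2" '$1 + 0 == num + 0 { print $2; exit }'
}

# Print the packet-counter delta for rule $3 between snapshot $1 and $2.
# Fails (return 1) if the rule number is missing from either snapshot.
counter_delta() {
    before=$(rule_packets "$1" "$3")
    after=$(rule_packets "$2" "$3")
    [ -n "$before" ] && [ -n "$after" ] || { echo "rule $3 not found" >&2; return 1; }
    echo $((after - before))
}

# Constructed sample snapshots taken before and after an RDP attempt.
BEFORE='00100 12 1040 allow ip from any to any via lo0
00200 0 0 allow tcp from any to 192.168.1.10 3389 out via em0 setup keep-state
65535 98 7600 deny ip from any to any'
AFTER='00100 14 1200 allow ip from any to any via lo0
00200 0 0 allow tcp from any to 192.168.1.10 3389 out via em0 setup keep-state
65535 101 7810 deny ip from any to any'

# A zero delta on rule 200 during the RDP attempt means the packets never
# reached that rule (for example because they travelled inside the VPN tunnel).
delta=$(counter_delta "$BEFORE" "$AFTER" 200) && echo "rule 200 delta: $delta"
```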
 