Good day,
I am very new to IPFire and want to try it out.
Can anyone please assist me with how to create a firewall rule to allow an internal computer to accept RDP from an external computer?
I don’t seem to find any proper guides etc?
Hello @unleashed186
Welcome to the IPFire community.
You should follow the Port Forward firewall rule documentation in the wiki.
https://www.ipfire.org/docs/configuration/firewall/rules/port-forwarding
In that guide when you get to the Protocol section, select -preset- and then in the drop-down box of Services you will find RDP listed in there.
This RDP entry is for port 3389, which is the normal default port for RDP.
I tried that and still not working…
Attached is a screenshot…
Also unable to telnet to the PC using DynDNS and the port number…
That screenshot looks good. I would expect that to work.
Just to check. After creating that rule you did press the green Apply Changes button on the main Firewall page?
If that was pressed then you should try and access the computer via RDP from externally and then go to the Logs - Firewall Logs menu on the WUI.
Then search in the log for 192.168.137.221
If nothing shows up then press the Export button on that log page and after a while you will have all the log entries for the selected date shown in a browser page. You can then search for that internal IP Address in that exported list.
EDIT:
You can also search in the exported log for DNAT and FORWARDFW as any port forward rule will always have a pair of firewall rules triggered, the first being the DNAT and the second being the FORWARDFW.
Here is an example from one of my IPFire systems with a Port Forward for http (80), used for my Let's Encrypt check.
10:48:03 DNAT IN=red0 OUT= MAC=02:f3:b9:67:26:e4:00:0e:00:00:00:01:08:00 SRC=121.165.81.20 DST=xxx.xxx.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=46 ID=21179 DF PROTO=TCP SPT=61119 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
10:48:03 FORWARDFW IN=red0 OUT=green0 MAC=02:f3:b9:67:26:e4:00:0e:00:00:00:01:08:00 SRC=121.165.81.20 DST=192.168.26.30 LEN=48 TOS=0x00 PREC=0x00 TTL=45 ID=21179 DF PROTO=TCP SPT=61119 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
The DNAT line shows the packets coming from an external IP (SRC) and going to your Public IP (DST); in this case my public IP has been anonymised.
If that DNAT is recognised by the Port Forward rule it will then be passed to the FORWARDFW rule which has the SRC as the external IP and going to the DST of your internal computer on the green subnet or whichever other internal subnet you have the system on.
Seeing what results you are getting in your logs might help to understand at which stage it is failing (you can overwrite any sensitive info such as your public IP).
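To make the DNAT/FORWARDFW pairing described above easier to check in an exported log, here is a small Python script that pairs the two entries per connection attempt and reports at which stage a port forward stopped. This is an added example, not code from the thread or from the IPFire project; the log lines it contains are constructed (the first two copy the HTTP example above, the third is a made-up RDP attempt from a 203.0.113.0/24 documentation address for which only the DNAT stage fired), and the pairing key (protocol, source address and port, destination port, IP ID) is an assumption based on the two example lines sharing those fields.

```python
"""Pair IPFire DNAT / FORWARDFW firewall-log entries for a port forward."""
import re

# Constructed sample modelled on the log format quoted in the thread.
# Lines 1-2: the HTTP (80) example, public IP anonymised as in the post.
# Line 3: a constructed RDP (3389) attempt where only DNAT fired.
SAMPLE_LOG = """\
10:48:03 DNAT IN=red0 OUT= MAC=02:f3:b9:67:26:e4:00:0e:00:00:00:01:08:00 SRC=121.165.81.20 DST=xxx.xxx.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=46 ID=21179 DF PROTO=TCP SPT=61119 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
10:48:03 FORWARDFW IN=red0 OUT=green0 MAC=02:f3:b9:67:26:e4:00:0e:00:00:00:01:08:00 SRC=121.165.81.20 DST=192.168.26.30 LEN=48 TOS=0x00 PREC=0x00 TTL=45 ID=21179 DF PROTO=TCP SPT=61119 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
10:49:10 DNAT IN=red0 OUT= MAC=02:f3:b9:67:26:e4:00:0e:00:00:00:01:08:00 SRC=203.0.113.7 DST=xxx.xxx.xxx.xxx LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=4242 DF PROTO=TCP SPT=50123 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0
"""

LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d)\s+(?P<chain>\S+)\s+(?P<rest>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")  # KEY=value tokens; bare flags (DF, SYN) are skipped

HINTS = {
    "forwarded": "DNAT and FORWARDFW both fired: the port forward works; check the "
                 "target host itself (service listening, host firewall).",
    "dnat-only": "DNAT fired but no FORWARDFW: the forward stage did not match; "
                 "re-check the rule's destination and that Apply Changes was pressed.",
    "forward-only": "FORWARDFW without DNAT: not a port-forward flow, or the DNAT "
                    "line lies outside the exported range.",
}


def parse_line(line):
    """Return the line's fields as a dict, or None if it is not a firewall log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"time": m.group("time"), "chain": m.group("chain")}
    rec.update(FIELD_RE.findall(m.group("rest")))
    return rec


def pair_flows(log_text, dport=None):
    """Group DNAT and FORWARDFW lines by connection attempt.

    Assumption: a DNAT entry and its FORWARDFW entry describe the same packet,
    so they share PROTO, SRC, SPT, DPT and the IP ID; that tuple is the flow key.
    """
    flows = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["chain"] not in ("DNAT", "FORWARDFW"):
            continue
        if dport is not None and rec.get("DPT") != str(dport):
            continue
        key = (rec.get("PROTO"), rec.get("SRC"), rec.get("SPT"), rec.get("DPT"), rec.get("ID"))
        flows.setdefault(key, {})[rec["chain"]] = rec
    return flows


def classify(flows):
    """Return one summary dict per flow with its status and a troubleshooting hint."""
    out = []
    for (proto, src, spt, dpt, _), chains in flows.items():
        dnat, fwd = chains.get("DNAT"), chains.get("FORWARDFW")
        status = "forwarded" if (dnat and fwd) else "dnat-only" if dnat else "forward-only"
        out.append({
            "proto": proto, "src": src, "spt": spt, "dpt": dpt, "status": status,
            "internal_dst": fwd.get("DST") if fwd else None,
            "hint": HINTS[status],
        })
    return out


def diagnose(log_text, dport):
    """Classify every flow to `dport`; an empty list means no DNAT was logged at all."""
    return classify(pair_flows(log_text, dport))


if __name__ == "__main__":
    for port in (80, 3389, 22):
        flows = diagnose(SAMPLE_LOG, port)
        if not flows:
            print(f"port {port}: no DNAT entry at all; packets never reached red0 on this "
                  "port (check the DynDNS name resolves to the current public IP and any upstream NAT).")
        for f in flows:
            print(f"port {port}: {f['src']}:{f['spt']} -> {f['internal_dst']} "
                  f"[{f['status']}] {f['hint']}")
```

Paste the exported log into a file and feed its contents to `diagnose(text, 3389)` in place of `SAMPLE_LOG`; the three outcomes (both stages, DNAT only, nothing at all) map onto the three places the forward can fail: the target host, the forward rule, or the path to the red interface.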
Thanks Adolf,
After a few minutes it started working.
Another question if you can please assist, I would now like to internally access the same PC via the external IP or FQDN.
Would this be possible?
Otherwise with openwrt I created a dns record that pointed the FQDN to the internal IP.
If I need to do the same where would one create such a DNS record?
This may be what you're looking for.
And this you may find useful
Hi Guys,
I managed to fix the external DNS record not working internally by setting the firewall rule to Source Any and not the RED/WAN as source…
@unleashed186
Since you did not give an answer to my question, here is some additional important information about sharing RDP over the Internet.
Regards