DaemonForums  

#1, posted by cerulean on 19th May 2009
Subject: pf & remote desktop protocol

This is not really FreeBSD-specific, but I'm not sure where it should go.

I am attempting to set up quite a few of our Windows desktops with RDP through PF ... I can set up a port redirect to 3389 or change the port for a particular Windows box and port redirect on that port, but I would *really* like to keep the Windows boxes on the standard RDP port 3389 and then have the incoming port different (i.e. 3390, 3391, 3392, 3393, etc.).

In graphical form:

WAN Port - xxx.xxx.xxx.xxx:3389 -> PF Port Forwarding -> WinPC:3389 Works
WAN Port - xxx.xxx.xxx.xxx:3390 -> PF Port Forwarding -> WinPC:3390 Works

But want...

WAN Port - xxx.xxx.xxx.xxx:3390 -> PF Port Forwarding -> WinPC:3389

I tried the following rule but without success:

rdr on $ext_if proto tcp from any to any port 3133 -> 192.168.1.133 port 3389

For the reason: When doing software updates, I operate on the local network and use remote desktop internally ... it would be nice not to maintain a list of each port (not to mention having to modify the registry on each computer). I thought of possibly doing a VPN, but given the extra configuration on the Windows box + additional support, keeping with just a port redirect for RDP seems easier.

Thanks for any advice!!

Joe
#2, posted by DutchDaemon (Ben) on 19th May 2009

Redirection alone is half the story. The redirected traffic must be allowed to continue on to the destination. This will usually work (assuming the target is behind another interface):

Code:
# this takes care of the 'pass in' part on the external side
rdr pass on $ext_if inet proto tcp from any to $ext_if port 3133 -> 192.168.1.133 port 3389
rdr pass on $ext_if inet proto tcp from any to $ext_if port 3130 -> 192.168.1.130 port 3389
# this will take care of the 'pass out' part on the internal side
pass out quick on $int_if inet proto tcp from any to 192.168.1.133 port 3389 keep state
pass out quick on $int_if inet proto tcp from any to 192.168.1.130 port 3389 keep state

etc.
#3, posted by cerulean on 19th May 2009

Thanks!

Unfortunately that didn't work. I ended up doing the following which did work:

rdr on $ext_if proto tcp from any to any port 3133 -> 192.168.1.133
pass in on $ext_if inet proto tcp from any to 192.168.1.133 port 3389 flags S/SA keep state

That second rule doesn't seem to make a lot of sense to me (as it is a pass on the external interface, I'd assume port 3133, not port 3389?) but I was able to utilize remote access.
#4, posted by DutchDaemon (Ben) on 19th May 2009

That does not make sense, no. There is no overlap between the two (you don't have a destination port in the first rule for 192.168.1.133, so the port will stay the same (3133)). In fact 'rdr pass' is a shortcut for an additional pass in rule. It looks like the outside world is connecting straight to 192.168.1.133:3389 without any redirection. Then again, I don't know how your network is set up (router, bridge, nat, interfaces, etc.).
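An added example, not written by any poster in this thread: a pf.conf fragment for the redirect discussed in posts #2 to #4, spelling out the 'pass in' that 'rdr pass' abbreviates and showing that filter rules are evaluated after translation, so they match the rewritten destination (internal address, port 3389). The interface names em0/em1 and the <rdp_clients> table with its 203.0.113.0/24 range are assumptions; the internal addresses and ports are the ones used above.

```pf
# Added example; em0/em1 and the <rdp_clients> source range are assumptions.
ext_if = "em0"          # WAN-facing interface (assumed name)
int_if = "em1"          # LAN-facing interface (assumed name)

# Internal RDP hosts from the thread, reused by the filter rules.
rdp_hosts = "{ 192.168.1.130, 192.168.1.133 }"

# Only these sources may reach RDP; 203.0.113.0/24 is a documentation range.
table <rdp_clients> persist { 203.0.113.0/24 }

# --- Translation (evaluated before filtering) ---
# External port 3130/3133 is rewritten to port 3389 on the matching host.
# No 'pass' keyword here, so the filter rules below decide what is allowed.
rdr on $ext_if inet proto tcp from <rdp_clients> to ($ext_if) port 3130 -> 192.168.1.130 port 3389
rdr on $ext_if inet proto tcp from <rdp_clients> to ($ext_if) port 3133 -> 192.168.1.133 port 3389

# --- Filtering ---
# Default deny for inbound WAN traffic; a full ruleset adds its other pass rules.
block in log on $ext_if

# The packet has already been translated when this rule is evaluated,
# so it matches the internal address and port 3389, not 3130/3133.
pass in log on $ext_if inet proto tcp from <rdp_clients> to $rdp_hosts port 3389 flags S/SA keep state

# Let the forwarded connection leave on the LAN side.
pass out on $int_if inet proto tcp from <rdp_clients> to $rdp_hosts port 3389 flags S/SA keep state

# Check before loading, then inspect what was loaded and matched:
#   pfctl -nf /etc/pf.conf     # parse only, do not load
#   pfctl -s nat               # loaded rdr rules
#   pfctl -s rules             # loaded filter rules
#   pfctl -s states            # established states for the redirected sessions
```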
#5, posted by www19701 (Ross) on 2nd August 2011
Subject: Virtualbox questions

I have the following situation...
A FreeBSD server with a static IP (let's say 200.20.21.10), where I have installed VirtualBox with Win XP on it (XP uses a bridged interface... I need ping to be available from this Windows). So, I am trying to connect from another network (let's say 201.21.22.11) to the virtual Windows on the FreeBSD server. When using NAT as the device in the virtual Windows, I can connect on 3389, but can't ping from that Windows. When I use the bridged interface (rl0) in the virtual Windows, I can't connect to this virtual Windows using 3389. Windows IP: 190.141.5.10, netmask 255.255.252.0

I believe I need to use pf.conf on the FreeBSD server to forward this port/protocol when making a connection from 201.21.22.11 to the virtual Windows (190.141.5.10).

Thanks, any advice appreciated...

PS: From the FreeBSD server, telnetting to 190.141.5.10 on port 23 works with no problem.
#6, posted by www19701 (Ross) on 2nd August 2011

I have a FreeBSD server with a static IP (e.g. 200.20.20.10), where I am running VirtualBox with Win XP on it... with a bridged interface (rl0, I need to be able to ping from Windows) and IP 190.141.5.10. So I am connecting from another network (e.g. 201.21.22.11)... When the virtual Win XP uses the NAT device, I can connect to remote desktop by using VirtualBox NAT forwarding. But when I use the bridged interface (rl0), I can't make a remote desktop connection from 201.21.22.11. Do I need in this case to use FreeBSD's pf.conf to forward 3389 from 201.x.x.x to 190.141.5.10 through FreeBSD's 200.20.20.10?
PS: telnetting from FreeBSD to the virtual Win XP (telnet 190.141.5.10 23) works successfully...

So, I need to connect from 201.x.x.x:3389 (remote desktop from Windows, Unix, etc.) (or any other network) to 190.141.5.10 (with bridge rl0, to have the ability to run ping from Windows) through the FreeBSD server (200.20.20.10).
Thanks
#7, posted by www19701 (Ross) on 2nd August 2011
Subject: Never mind

Please, never mind... I fixed it.
#8, posted by CyberJet (Ramon) on 4th August 2011

Quote:
Originally Posted by www19701
Please, never mind... I fixed it.

What was the fix?

TIA,

Cyberjet