News: This forum is now permanently frozen.
Pages: [1]
Topic: NAT Issues for Remote Desktop  (Read 661 times)
« on: December 16, 2014, 02:34:31 »
GrumpyBum *
Posts: 2

Hi All,

I have deployed a remote desktop server (Server 2012 R2) inside my LAN for external access to this server but I cannot connect to this. I have reviewed and recreated setting a few times now and getting nowhere.

I am no Network Engineer so even if this is obvious to some I would love to be able to get this working,

M0n0wall is setup as WAN (DHCP / Static via MAC Allocation) 172.*.*.200 and LAN in Hyper-V 2012 R2

NAT: Inbound,
WAN     TCP/UDP     3389     3389     JumpBox RDP

Firewall WAN Rules,
TCP     *     *     3389     NAT JumpBox RDP

Firewall Logs,
X     (Time)     WAN     172.*.*.160, port 61439, port 3389     TCP

I am at a loss to why this will not work but it seems to be something about this port 61439 that seems to be the problem, however I have no idea what this is and it changes every time a connection attempt is made.
This happens with cmd, 'mstsc /v:172.*.*.200' and with 'mstsc /v:172.*.*.200:3389'

If anyone can please point me in the appropriate direction this will be amazing.

Many thanks,
« Reply #1 on: December 18, 2014, 22:49:34 »
Lee Sharp *****
Posts: 517

That should work.  However, that WAN address is not 172.16.*.200, is it?  You may have a double NAT going here.
« Reply #2 on: December 22, 2014, 23:12:19 »
GrumpyBum *
Posts: 2

Thanks Lee,

Interesting looking at this one, I have removed the block on private networks and this is all working.
This is not something I have done sooner as this is a 172.17 address and not 172.16

I am looking over this again, although been a link between 2 internal subnets I am not over concerned about security although some is good.

Have a merry Christmas
« Reply #3 on: December 22, 2014, 23:18:23 »
Fred Grayson *****
Posts: 994

The RFC 1918 addresses in the range you are looking at are a 20 bit block: -

Google is your friend and Bob's your uncle.
« Reply #4 on: December 23, 2014, 01:38:31 »
Lee Sharp *****
Posts: 517

So, you need to make sure that "Block private networks" on the WAN page is not checked.
Pages: [1]
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines