OPNsense Forum

Hello guys,

struggling for 3 days by now, getting RDP-forwarding to work, http-forwarding works fine. Wouldn't bother you, but can't seem to get it working and every help would be much appreciated. Here is my setup:

- Hetzner Cloud dedicated server with Proxmox.
- 2 public IPs:
       1) xxx.xxx.xxx.161 -> Proxmox (vmbr0)
       2) xxx.xxx.xxx.150 -> virtualized OPNsense (vmbr0, vmbr1)
- vmrb1 -> LAN 192.168.1.0/24

- 2 additional VMs:
       a) Test LXC with Apache2 (192.168.1.10)
       b) Windows Server (192.168.1.11)

Forwarding on port 80 to the test LXC works just fine and I can reach apache, but RDP to the WinServer just won't. (yes RDP is enabled in WIN and for testing I disabled the WIN-FW)

NAT (RDP):
*************
Interface: WAN
Proto:      TCP
Source:   WAN address
S-Ports:   *
Dest.:      WAN address
D-Port:    1111
NAT-IP:   192.168.0.11
NAT-Port: 3389

For Proxmox interface config and OPNsense firewall rules pls see the 2 screenshots.

I know, the setup is not safe this way, this is just the result of troubleshooting and getting it to work some how.

RDP to xxx.xxx.xxx.150:1111 is not working, allthough I can see in the live view of OPNsense a pass for my RDP request.

Probably (and hopefully) I got something wrong with my FW rules or some other stupid brain fart mistake, but by now I just can't see clearly anymore and I would be really glad and thankful for every help...

Thanks for reading and have a great day!  :)

NAT (RDP):
*************
Interface: WAN
Proto:      TCP
Source:   WAN address    should be: any
S-Ports:   *
Dest.:      WAN address
D-Port:    1111
NAT-IP:   192.168.0.11
NAT-Port: 3389

Hey meyergru,
thanks a lot, for answering. Unfortunately this didn't do the trick. Still same result.

I really don't know, I even reconfigured Proxmox from scratch and reinstalled OPNsense, still same result...

Maybe someone could chime in with another idea, or aspect in the bigger picture I'm missing.

Please use Wireshark on the host that should receive the forwarded packet.

Thank's for helping out. You mean on the host, proxmox is running on, or the WindowsServer VM? And you probably mean the traffic on the nic to OPNsense?

No I mean you install wireshark on your windows server and then run it while initiating an RDP session.

Then you check the wireguard paket capture if you see any pakets coming in on port 3389 (to that server)

Ok, thanks for clarifiying... I did. No there are no packages incoming when I initiate the RDP session.

Could it be, that there is a gateway problem? I see "who has 192.168.1.1?". But why is Apache on the test LXC working then? And it seems like when I initiate the RDP session, that traffic is stopping for like 30-60 sek.

Do you want the report? Then just give me few minutes, to blur out some stuff...

Probably didn't need to censor the solicit stuff  :D

Here is a screenshot (tried 3 Times to RDP in that time frame)

Maybe your windows firewall blocks it or the paket isnt forwarded to the host.

Use wireshark and tcpdump to track the paket from initiator to receiver and find the spot where it vanishes.

Like I said, Win-FW is disabled. I will try to trace it down.

Thank you for your help