Re: [stunnel-users] More questions on RDP and port forwarding



Posted 11-26-2007

Carter,
Thanks. With the exception of the client's loopback address in the hosts file, I have a very similar configuration. I have created an inbound rule (Custom service with an inbound rule declaration but no outbound rule) that looks just like my inbound RDP rules - I even reviewed the configuration file and the stunnel rule had the same commands as the RDP rule. However, RDP works through the firewall but stunnel does not. My Windows firewall has an exception for stunnel with a scope of "Internet" and the stunnel server works from within the corporate network. Meaning, I think, that the Windows firewall is not denying the connection (at least from within the same subnet).

I am not a Windows AD guy, but is there a way to prevent network connections without using the Windows firewall? I mean, can a GPO be created that prevents connections from IP addresses not on the same subnet but that does not use the OS's firewall? If so, this could be the issue because from what I can see, neither the Watchguard nor the Windows firewalls are blocking the connection; yet I still cannot connect.

Richard


Carter Browne wrote:
I use stunnel to protect RDP for a couple of sites using a mix of
Watchguard Edge and V series firewalls. For computer ABC that I want to
connect to, I create an entry in the hosts file:
127.0.0.n ABCs (where n is greater than 1)

On the client side I have an entry:

[ABC-RDP]
accept = ABCs:12345
connect = ABC:54321
client = yes

On the server side I have an entry:

[RDP-IN]
accept = 54321
connect = 3389
client = no

Port 54321 is enabled in both the Watchguard and the Windows firewalls.

Connections to 127.n.n.n addresses are not processed by the firewalls. You can
use 127.0.0.1 for everything, but I needed to connect to more than one
host and wanted a standard setup. I have had a number of users confused
by this setup, whereby the program references a local port to connect to
a remote computer. For stunnel, it is the connect string that
determines the destination, so any local port works fine for the accept
string.

Carter


_______________________________________________
stunnel-users mailing list
stunnel-users@mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users
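The client/server pair Carter describes, written out as complete configuration files for both sides. This is an added example, not the thread's own files: the host names abc.example.com and def.example.com, the certificate file names and the second host DEF are placeholders. It shows the 127.0.0.n hosts-file alias scheme for two remote hosts, and it adds the certificate checks the posted snippets leave out. stunnel's default verify level is 0, so with the snippets as posted the client accepts whatever certificate the server presents (the tunnel stops eavesdropping but not a spoofed endpoint), and the server hands any peer that completes a TLS handshake straight to RDP. Option names are the stunnel 4.x ones of the thread's era; stunnel 5 still accepts them and adds verifyChain/checkHost for the same purpose. Comments are on their own lines because stunnel does not strip trailing comments from values.

```ini
; ---- hosts file on the client (Windows: %SystemRoot%\System32\drivers\etc\hosts) ----
; Any 127.0.0.n address is local on Windows and Linux without extra setup.
; 127.0.0.2  ABCs
; 127.0.0.3  DEFs

; ---- stunnel.conf on the client workstation ----
; Service-level options placed before the first [section] become defaults
; for every service below.
; ca.pem: the CA that issued both server and client certificates (placeholder name)
CAfile = ca.pem
; level 2: drop the connection unless the server presents a certificate signed by CAfile
verify = 2
; client certificate + key; needed only because the server side below requires one
cert = client.pem
debug = 5
output = stunnel-client.log

[ABC-RDP]
client = yes
; ABCs resolves to 127.0.0.2 through the hosts file, so only this machine can
; reach the tunnel entry point (a bare "12345" would bind on every interface)
accept = ABCs:12345
connect = abc.example.com:54321

[DEF-RDP]
client = yes
; same local port, different loopback alias, different remote host
accept = DEFs:12345
connect = def.example.com:54321

; ---- stunnel.conf on each RDP server (ABC, DEF) ----
; server certificate + key issued by the same CA
cert = server.pem
CAfile = ca.pem
; level 2 on the server side means a client certificate is required:
; peers without one never get past the TLS handshake to the RDP listener
verify = 2
debug = 5
output = stunnel-server.log

[RDP-IN]
; client = no is the default, so the original line is redundant but harmless
client = no
; 54321 is the only port opened on the WatchGuard and Windows firewalls
accept = 54321
; hand off to the local RDP listener; 3389 itself stays closed to the outside
connect = 127.0.0.1:3389
```

On the client, the RDP program is pointed at ABCs:12345 (or 127.0.0.2:12345) for host ABC and DEFs:12345 for host DEF; stunnel takes the real destination from the matching service's connect line, which is why the local port number is arbitrary. With debug = 5 the server-side log records every accepted connection, so the first thing to check when a remote client cannot connect is whether any connection from that client appears in the log at all: if nothing appears, the packet never reached stunnel and the problem is the firewall or the path to it, not the stunnel configuration.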

