On 6/26/20 6:37 AM, Vieri Di Paola wrote:
> Hi,
>
> It seems I can't access an RDP service (3389) on a host with IP
> address 10.215.246.24 from an openvpn client with IP address
> 192.168.146.98.
> Accessing the same RDP server from another client works fine.
>
> I'm not sure it's a firewall issue because I see this:
>
> # tcpdump -n -i tun146 port 3389 and host 192.168.146.98
> dropped privs to tcpdump
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on tun146, link-type RAW (Raw IP), capture size 262144 bytes
> 09:12:10.665880 IP 192.168.146.98.51811 > 10.215.246.24.3389: Flags [S], seq 1273664527, win 64240, options [mss 1357,nop,wscale 8,nop,nop,sackOK], length 0
> 09:12:10.666468 IP 10.215.246.24.3389 > 192.168.146.98.51811: Flags [S.], seq 1353116740, ack 1273664528, win 64240, options [mss 1460,nop,wscale 0,nop,nop,sackOK], length 0
> 09:12:10.781841 IP 192.168.146.98.51811 > 10.215.246.24.3389: Flags [.], ack 1, win 1028, length 0
> 09:12:10.784384 IP 192.168.146.98.51811 > 10.215.246.24.3389: Flags [P.], seq 1:20, ack 1, win 1028, length 19
> 09:12:10.784868 IP 10.215.246.24.3389 > 192.168.146.98.51811: Flags [P.], seq 1:20, ack 20, win 64221, length 19
> 09:12:10.886544 IP 192.168.146.98.51811 > 10.215.246.24.3389: Flags [R.], seq 20, ack 20, win 0, length 0
> 09:12:19.496402 IP 192.168.146.98.51812 > 10.215.246.24.3389: Flags [S], seq 3446290954, win 64240, options [mss 1357,nop,wscale 8,nop,nop,sackOK], length 0
> 09:12:19.496955 IP 10.215.246.24.3389 > 192.168.146.98.51812: Flags [S.], seq 1218676088, ack 3446290955, win 64240, options [mss 1460,nop,wscale 0,nop,nop,sackOK], length 0
> 09:12:19.588388 IP 192.168.146.98.51812 > 10.215.246.24.3389: Flags [.], ack 1, win 1028, length 0
> 09:12:19.588423 IP 192.168.146.98.51812 > 10.215.246.24.3389: Flags [P.], seq 1:20, ack 1, win 1028, length 19
> 09:12:19.903475 IP 192.168.146.98.51812 > 10.215.246.24.3389: Flags [P.], seq 1:20, ack 1, win 1028, length 19
> 09:12:20.252426 IP 192.168.146.98.51812 > 10.215.246.24.3389: Flags [P.], seq 1:20, ack 1, win 1028, length 19
> 09:12:20.852404 IP 192.168.146.98.51812 > 10.215.246.24.3389: Flags [P.], seq 1:20, ack 1, win 1028, length 19
> 09:12:22.065761 IP 192.168.146.98.51812 > 10.215.246.24.3389: Flags [P.], seq 1:20, ack 1, win 1028, length 19
> 09:12:24.480485 IP 192.168.146.98.51812 > 10.215.246.24.3389: Flags [P.], seq 1:20, ack 1, win 1028, length 19
> 09:12:29.286545 IP 192.168.146.98.51812 > 10.215.246.24.3389: Flags [P.], seq 1:20, ack 1, win 1028, length 19
> 09:12:38.898649 IP 192.168.146.98.51812 > 10.215.246.24.3389: Flags [R.], seq 20, ack 1, win 0, length 0
>
> Do you see anything in the shorewall dump that might suggest a FW issue?
>
> https://drive.google.com/file/d/1zpinkAFYA8BnaiQ4--YhRxGOKDq559kD/view?usp=sharing
>
The only thing that I see in the dump is that you are dropping TCP 3389
ESTABLISHED packets not marked with value 0xa; that might be the issue

-Tom
--
Tom Eastep            \   Q: What do you get when you cross a mobster
Shoreline,             \     with an international standard?
Washington, USA         \ A: Someone who makes you an offer you
http://shorewall.org     \   can't understand
\________________________________________
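What Tom's diagnosis rests on can be read straight out of the two connection attempts in the capture: in both, the three-way handshake completes (SYN, SYN-ACK, ACK), so NEW packets are clearly passing the firewall. In the second attempt (client port 51812) the client's first 19-byte segment is then retransmitted six times with the server never acknowledging it, until the client gives up with a RST, which is exactly what you see when a stateful policy accepts the connection but drops its ESTABLISHED packets. The script below is an added example, not part of the thread and not Shorewall code: it parses one-packet-per-line tcpdump output of the format quoted above into per-client-port flows and reports which flows show this "handshake fine, data never acknowledged" pattern. The sample input is the thread's own packets re-joined one per line; the flow keying, field names and verdict labels are the example's own choices.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample input: the two RDP attempts from the capture in the
# thread, one packet per line (the mail client had wrapped them).
CAPTURE = """\
09:12:10.665880 IP 192.168.146.98.51811 > 10.215.246.24.3389: Flags [S], seq 1273664527, win 64240, options [mss 1357,nop,wscale 8,nop,nop,sackOK], length 0
09:12:10.666468 IP 10.215.246.24.3389 > 192.168.146.98.51811: Flags [S.], seq 1353116740, ack 1273664528, win 64240, options [mss 1460,nop,wscale 0,nop,nop,sackOK], length 0
09:12:10.781841 IP 192.168.146.98.51811 > 10.215.246.24.3389: Flags [.], ack 1, win 1028, length 0
09:12:10.784384 IP 192.168.146.98.51811 > 10.215.246.24.3389: Flags [P.], seq 1:20, ack 1, win 1028, length 19
09:12:10.784868 IP 10.215.246.24.3389 > 192.168.146.98.51811: Flags [P.], seq 1:20, ack 20, win 64221, length 19
09:12:10.886544 IP 192.168.146.98.51811 > 10.215.246.24.3389: Flags [R.], seq 20, ack 20, win 0, length 0
09:12:19.496402 IP 192.168.146.98.51812 > 10.215.246.24.3389: Flags [S], seq 3446290954, win 64240, options [mss 1357,nop,wscale 8,nop,nop,sackOK], length 0
09:12:19.496955 IP 10.215.246.24.3389 > 192.168.146.98.51812: Flags [S.], seq 1218676088, ack 3446290955, win 64240, options [mss 1460,nop,wscale 0,nop,nop,sackOK], length 0
09:12:19.588388 IP 192.168.146.98.51812 > 10.215.246.24.3389: Flags [.], ack 1, win 1028, length 0
09:12:19.588423 IP 192.168.146.98.51812 > 10.215.246.24.3389: Flags [P.], seq 1:20, ack 1, win 1028, length 19
09:12:19.903475 IP 192.168.146.98.51812 > 10.215.246.24.3389: Flags [P.], seq 1:20, ack 1, win 1028, length 19
09:12:20.252426 IP 192.168.146.98.51812 > 10.215.246.24.3389: Flags [P.], seq 1:20, ack 1, win 1028, length 19
09:12:20.852404 IP 192.168.146.98.51812 > 10.215.246.24.3389: Flags [P.], seq 1:20, ack 1, win 1028, length 19
09:12:22.065761 IP 192.168.146.98.51812 > 10.215.246.24.3389: Flags [P.], seq 1:20, ack 1, win 1028, length 19
09:12:24.480485 IP 192.168.146.98.51812 > 10.215.246.24.3389: Flags [P.], seq 1:20, ack 1, win 1028, length 19
09:12:29.286545 IP 192.168.146.98.51812 > 10.215.246.24.3389: Flags [P.], seq 1:20, ack 1, win 1028, length 19
09:12:38.898649 IP 192.168.146.98.51812 > 10.215.246.24.3389: Flags [R.], seq 20, ack 1, win 0, length 0
"""

# One tcpdump -n TCP line: "<ts> IP <src>.<sport> > <dst>.<dport>: Flags [..], ..., length N"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\](?:, seq (?P<seq>\d+)(?::(?P<seq_end>\d+))?)?"
    r"(?:, ack (?P<ack>\d+))?, win \d+(?:, options \[[^\]]*\])?, length (?P<length>\d+)$"
)


@dataclass
class Flow:
    client: str
    server: str
    client_syn: bool = False
    server_synack: bool = False
    client_ack: bool = False       # third step of the handshake seen
    client_rst: bool = False
    server_acked: int = 0          # highest relative ack the server sent after the handshake
    data_sends: dict = field(default_factory=lambda: defaultdict(int))  # (seq, seq_end) -> times seen


def parse_flows(text, server_port=3389):
    """Group tcpdump lines into flows keyed by (client IP, client port)."""
    flows = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # banner lines, non-TCP traffic
        d = m.groupdict()
        flags, length = d["flags"], int(d["length"])
        from_client = int(d["dport"]) == server_port
        key = (d["src"], d["sport"]) if from_client else (d["dst"], d["dport"])
        f = flows.get(key)
        if f is None:
            server_ip = d["dst"] if from_client else d["src"]
            f = flows[key] = Flow(client=f"{key[0]}:{key[1]}", server=f"{server_ip}:{server_port}")
        if from_client:
            if flags == "S":
                f.client_syn = True
            elif flags == "." and f.server_synack and not f.client_ack:
                f.client_ack = True
            if length > 0 and d["seq_end"]:
                f.data_sends[(int(d["seq"]), int(d["seq_end"]))] += 1
            if "R" in flags:
                f.client_rst = True
        else:
            if flags == "S.":
                f.server_synack = True  # its ack is absolute; ignore for the relative comparison
            elif d["ack"] is not None:
                f.server_acked = max(f.server_acked, int(d["ack"]))
    return flows


def diagnose(flow):
    """Classify one flow: handshake state plus whether client data ever got acknowledged."""
    handshake = flow.client_syn and flow.server_synack and flow.client_ack
    retransmissions = sum(n - 1 for n in flow.data_sends.values())
    unacked = [seg for seg in flow.data_sends if seg[1] > flow.server_acked]
    if not handshake:
        verdict = "handshake_incomplete"
    elif unacked and retransmissions >= 2:
        # SYN/SYN-ACK/ACK passed (NEW), but segments of the established connection
        # are never answered: consistent with a policy that drops ESTABLISHED packets.
        verdict = "post_handshake_drop"
    else:
        verdict = "data_acknowledged"
    return {"client": flow.client, "server": flow.server, "verdict": verdict,
            "retransmissions": retransmissions, "client_reset": flow.client_rst}


def analyze(text, server_port=3389):
    return {key: diagnose(f) for key, f in parse_flows(text, server_port).items()}


if __name__ == "__main__":
    for r in analyze(CAPTURE).values():
        print(f"{r['client']} -> {r['server']}: {r['verdict']} "
              f"(retransmissions={r['retransmissions']}, client_reset={r['client_reset']})")
```

Run against the sample it reports the first attempt (port 51811) as data_acknowledged and the second (port 51812) as post_handshake_drop with six retransmissions. The capture alone only says that post-handshake segments are not being answered; which rule is responsible, as in Tom's reading of the mark 0xa requirement, still has to come from the firewall's own dump or logs.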
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users