DNAT - Port forwarding 3389 from public to local, showing my port always open in "Shields UP". My old Astaro has the same DNAT port forwarding and "Shields UP" was showing the port as stealth. Is it possible to set up port forwarding and "Shields UP" scan shows



  • Hi Vitali,

    Opening up port 3389 for RDP to the internet is never recommended, especially if this is being done to allow RDP access to a machine on your internal network. The recommended approach would be to set up a VPN for the user, have the user connect to the UTM via VPN, and then the user can access the machine safely.

    If, however, you still want to open this port, chances are that the reason why it is showing as open is because you have selected "Any" in the "For Traffic From" box. If you are connecting from a known IP address, you can create a definition for this external IP address or FQDN and then map this definition to the "For Traffic From" in your DNAT rule. This will mean that when you scan with ShieldsUP, you will be dropping packets from unauthorized IP addresses. Alternatively, if your ONLY goal is to have a clean result from ShieldsUP, you could ban that IP and drop all traffic from that IP, but that wouldn't create a safe network, it would just fool the results.

  • I agree that this is the best solution. In some cases, I let my clients use a DNAT but the source of such packets is limited to just a few specific IPs.

    Cheers - Bob
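
Added example, not part of the thread: one way to confirm that a source-restricted DNAT rule behaves as the replies describe is to test the forwarded port yourself from an allowed address and from one that is not allowed. The function names are hypothetical, and the mapping of a timed-out connection to "stealth" (dropped packets) and a refused connection to "closed" is an assumption about how a scan service reports results.

```python
import socket

def classify_port(host, port, timeout=3.0):
    """Classify one TCP port as seen from the machine running this check.

    open    -> handshake completed (DNAT rule matched this source)
    closed  -> connection refused (a reset came back)
    stealth -> no answer before the timeout (packet silently dropped)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "stealth"
    finally:
        sock.close()

def audit_dnat(host, port, source_allowed, timeout=3.0):
    """Compare the observed state with what a source-restricted rule should give.

    source_allowed: True when this check runs from an address listed in the
    rule's "For Traffic From" definition, False when it runs from anywhere else.
    Returns (ok, message).
    """
    state = classify_port(host, port, timeout)
    if source_allowed:
        ok = state == "open"
        hint = "allowed source should reach the forwarded service"
    else:
        ok = state != "open"
        hint = "other sources should be dropped; 'open' suggests the rule still matches Any"
    return ok, f"{host}:{port} is {state} ({hint})"

if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder; use your own public address.
    ok, message = audit_dnat("192.0.2.10", 3389, source_allowed=False)
    print("PASS" if ok else "FAIL", message)
```

Run it once from a listed address with `source_allowed=True` and once from an unlisted connection (for example a mobile hotspot) with `source_allowed=False`.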