asimko
newbie
Topic Author
Posts: 39
Joined: Wed Nov 13, 2013 9:55 am

RDP problem

Tue May 27, 2014 7:39 pm

Hello everybody,

I have a strange problem. One of my clients (behind NAT) is trying to connect to a Windows Server RDP which is also behind NAT, and there is a port forward for port 3389, but it is by another ISP.
The problem is that this is not working: it closes the connection right away. His router is a DrayTek, my router is a MikroTik with the latest firmware (6.13), and I have masquerade for this client.
If I try telnet from my router to his IP address, the connection will open (I have a public IP).

Has somebody had a similar problem?

Thank you for any answer.
 
scotthammersley
Member Candidate
Posts: 230
Joined: Fri Feb 22, 2013 7:16 pm
Location: Jackson, MS

Re: RDP problem

Tue May 27, 2014 7:56 pm

I would be looking at the return src nats, make sure the RDP client and server are being returned with the same src address.
 
asimko
newbie
Topic Author
Posts: 39
Joined: Wed Nov 13, 2013 9:55 am

Re: RDP problem

Wed May 28, 2014 8:38 am

The problem is that I do not have access to the customer's DrayTek router.
The customer says that from other ISPs there is no problem with the connection; also, if I try another ISP, I can connect to the RDP server.
I can only investigate the connection from my side, but I cannot see what is wrong on the other side. What I think is that the DrayTek router is not accepting packets from me, but only packets that are forwarded on that router.
Do you have any other suggestion?
Thanks.
 
scotthammersley
Member Candidate
Posts: 230
Joined: Fri Feb 22, 2013 7:16 pm
Location: Jackson, MS

Re: RDP problem

Wed May 28, 2014 9:54 pm

Post your NAT rules and I will take a look. Though without access to the remote config, it will be hard to decipher.
 
asimko
newbie
Topic Author
Posts: 39
Joined: Wed Nov 13, 2013 9:55 am

Re: RDP problem

Mon Jun 02, 2014 2:16 pm

It turns out that it was another rule in the firewall on my MikroTik which was blocking communication.
Thank you for your answers!
 
scotthammersley
Member Candidate
Posts: 230
Joined: Fri Feb 22, 2013 7:16 pm
Location: Jackson, MS

Re: RDP problem

Mon Jun 02, 2014 7:55 pm

No problem, glad we could try to help.
 
smm
just joined
Posts: 2
Joined: Wed Dec 19, 2018 1:15 pm

Re: RDP problem

Wed Dec 19, 2018 1:28 pm

Hello everyone.

I know this post is very old, but I'm having the exact same problem.
So, a little about my problem.

I'm new to MikroTik, and I'm trying to connect to a server from a client with RDP. The first connection is established, but when I put in the username and the password it always gives an error about a wrong password. This only happens with this connection: if I connect to any other server by RDP it works perfectly, and if I connect my computer to any other network besides this one I can connect to the server without the wrong password error.
I think it's important for you guys to know that this is a new MikroTik, more or less 15 days old. The old MikroTik wasn't working very well, and it was very, very old, and we changed it, but in "its final days" it started to have the same behaviour, giving us the same error with the same connection to only that server, so the minor problems combined with this new one made us decide to buy a new one. In these past 15 days I didn't have any problems connecting to the server in question by RDP, so I thought: OK, problem solved, the problem was really with the old MikroTik. But now it has started doing the same thing. I have already tried turning off every rule in the firewall to find the problem, but no luck.

Any clues?
 
anav
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: RDP problem

Wed Dec 19, 2018 10:54 pm

No config, no clues possible. :-)
 
smm
just joined
Posts: 2
Joined: Wed Dec 19, 2018 1:15 pm

Re: RDP problem

Thu Dec 20, 2018 5:36 pm

> No config, no clues possible. :-)
LOL. You're absolutely right.

/interface bridge
add admin-mac=CC:2D:E0:10:FD:6A auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] name=ether2-master speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
ether6-master
set [ find default-name=ether7 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether8 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether9 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether10 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
country=portugal disabled=no distance=indoors frequency=auto mode=ap-bridge \
ssid=Alenprojectos wireless-protocol=802.11
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
xxx wpa2-pre-shared-key=xxx
add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name=profile \
supplicant-identity=MikroTik_xxx wpa-pre-shared-key=xxx \
wpa2-pre-shared-key=xxxx
/interface wireless
add disabled=no mac-address=CE:2D:E0:10:FD:73 master-interface=wlan1 name=wlan2 \
security-profile=profile ssid="xxxxx"
/ip pool
add name=dhcp ranges=10.0.0.10-10.0.0.250
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/interface bridge filter
add action=drop chain=forward in-interface=wlan2
add action=drop chain=forward out-interface=wlan2
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=ether6-master
add bridge=bridge comment=defconf hw=no interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
add bridge=bridge interface=ether9
add bridge=bridge interface=ether10
add bridge=bridge interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface l2tp-server server
set enabled=yes ipsec-secret="axxxxxxxxxygjytjahergewe<HRGTFJYKY YU547\
Q35T4 YREHFRSTJSJRTYA4YYEARG<FAA1SCq" use-ipsec=yes
/interface list member
add interface=sfp1 list=discover
add interface=ether2-master list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=ether6-master list=discover
add interface=ether7 list=discover
add interface=ether8 list=discover
add interface=ether9 list=discover
add interface=ether10 list=discover
add interface=wlan1 list=discover
add interface=bridge list=discover
add interface=bridge list=mactel
add interface=bridge list=mac-winbox
add interface=ether1 list=WAN
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=10.0.0.254/8 comment=defconf interface=ether2-master network=\
10.0.0.0
add address=192.168.0.209/24 interface=ether1 network=192.168.0.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=10.0.0.0/8 comment=defconf gateway=10.0.0.254 netmask=8
/ip dns
set allow-remote-requests=yes servers=192.168.0.1,8.8.8.8
/ip dns static
add address=10.0.0.254 name=router
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
connection-state=established,related
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 protocol=\
udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=\
ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=\
ether1
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
192.168.89.0/24
add action=dst-nat chain=dstnat dst-port=3389 protocol=tcp to-addresses=\
xx.xx.xx.xx to-ports=3389
/ip route
add distance=1 gateway=192.168.0.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=8080
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/lcd interface pages
set 0 interfaces="sfp1,ether1,ether2-master,ether3,ether4,ether5,ether6-master,e\
ther7,ether8,ether9,ether10"
/system clock
set time-zone-name=Europe/Lisbon
/system identity
set name=MikroTik_xx
/system scheduler
add interval=10m name="IPCloud Force" on-event="/ip cloud force-update" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=dec/06/2018 start-time=11:40:21
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
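
Added example, not part of any post in this thread: a small Python audit of the /ip firewall nat section of a RouterOS export like the one above. A dst-nat rule with no in-interface, in-interface-list or dst-address matcher applies to every TCP/3389 packet entering the router, including RDP sessions opened from the LAN, and without src-address or src-address-list the forwarded port is reachable from any source. The third rule in the sample and the rdp-allowed list name are hypothetical, added for comparison.

```python
import re
import shlex

# Constructed sample: the NAT section of the export above, plus one
# hypothetical scoped rule (list name "rdp-allowed" is an assumption).
SAMPLE_EXPORT = r'''/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=\
ether1
add action=dst-nat chain=dstnat dst-port=3389 protocol=tcp to-addresses=\
xx.xx.xx.xx to-ports=3389
add action=dst-nat chain=dstnat dst-port=3389 in-interface-list=WAN protocol=tcp \
src-address-list=rdp-allowed to-addresses=xx.xx.xx.xx to-ports=3389
/ip route
add distance=1 gateway=192.168.0.1
'''

INGRESS_KEYS = {"in-interface", "in-interface-list", "dst-address",
                "dst-address-list", "dst-address-type"}
SOURCE_KEYS = {"src-address", "src-address-list"}

def parse_rules(export, section="/ip firewall nat"):
    """Return one dict of properties per 'add' line in `section`.
    Lines wrapped with a trailing backslash are rejoined first."""
    joined = re.sub(r"\\\r?\n[ \t]*", "", export)
    rules, current = [], None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
        elif current == section and line.startswith("add "):
            pairs = (tok.split("=", 1) for tok in shlex.split(line[4:]))
            rules.append({p[0]: p[1] for p in pairs if len(p) == 2})
    return rules

def audit_dstnat(export):
    """List (dst-port, finding) for dst-nat rules missing ingress/source scoping."""
    findings = []
    for rule in parse_rules(export):
        if rule.get("action") != "dst-nat":
            continue
        port = rule.get("dst-port", "any")
        if not INGRESS_KEYS & rule.keys():
            findings.append((port, "no ingress scope: also rewrites LAN-originated traffic"))
        if not SOURCE_KEYS & rule.keys():
            findings.append((port, "no source restriction: forwarded port open to any address"))
    return findings

if __name__ == "__main__":
    for port, finding in audit_dstnat(SAMPLE_EXPORT):
        print(f"dst-port {port}: {finding}")
```

Only the unscoped 3389 rule is reported, once for each missing restriction; the scoped comparison rule passes both checks.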
